Tencent Cloud has passed the German C5:2020 basic and additional audit criteria, demonstrating that the security controls of Tencent Cloud services comply with the standards of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) and can further meet the data security compliance requirements of Germany and Europe.
On August 31, 2020, Tencent Cloud passed the German BSI C5:2020 cloud security basic and additional audit criteria, proving its global leading position in the development of security policies and technical applications for cloud platforms. The Cloud Computing Compliance Criteria Catalogue (C5) was developed by the German BSI with the aim of verifying the information security compliance of cloud providers based on standardized inspections and reports.
The C5:2020 criteria include 17 objectives regarding the information security of cloud services, such as information security organization, security policies and instructions, personnel, asset management, and physical security, and stipulate general principles, procedures, and measures to achieve these objectives. Compared with the 2016 version, C5:2020 expands the criteria to add a new section “Dealing with investigation requests from government agencies" based on the EU Cybersecurity Act, which puts forward more stringent requirements for the security management levels of cloud providers.
C5:2020 is not only an essential cloud security benchmark for the adoption of cloud solutions by German government agencies and organizations, but it is also widely adopted by the private sector in Europe and around the world. Moreover, it is a high-level security standard recognized by the cloud industry and an important baseline for cloud providers to comply with the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the EU General Data Protection Regulation (GDPR).
Tencent Cloud's alignment with the C5:2020 basic and additional audit criteria demonstrates that its users are in strict compliance with German data security guidelines. This certification also enables Tencent Cloud to help users fully understand its security controls through a transparent communication mechanism, enhancing user trust in its services and products.