The Cloud Computing Compliance Criteria Catalogue, also referred to as C5:2020, was developed by the German Federal Office for Information Security (BSI) as a way to assess the information security of cloud services that leverage internationally recognized security standards like ISO/IEC 27001 to set a consistent audit baseline that helps establish a framework of trust between cloud providers and their customers.
Google previously received an attestation for the BSI’s Cloud Computing Compliance Controls Catalog (“C5”). The BSI revised the guidance as C5:2020 in 2020. The C5:2020 expands the scope of C5 and addresses new requirements, including a section on product safety and security.
Through an independent third-party audit, Google Cloud (Google Workspace and Google Cloud) has achieved an attestation against the C5:2020 requirements. Current and potential customers can use the C5:2020 attestation as verification of compliance and as part of their assessment for using Google Cloud services.