The Cloud Computing Compliance Controls Catalogue (C5) was developed by the German Federal
Office for Information Security (BSI) as a mechanism for assessing the information security
of cloud services. As an audit standard, C5 helps establish a framework of trust between cloud
customers and cloud providers by leveraging internationally recognized security standards,
such as ISO 27001.
In addition to setting a baseline for cloud security, C5 focuses on increasing the level of
transparency by adding specific controls that cloud customers can use as part of their risk
Through an independent, third party audit, Google Cloud (G Suite and Google Cloud Platform)
has achieved C5 attestation. Google Cloud customers can use the C5 attestation as verification
of compliance and as part of their assessment for using Google Cloud services. The C5
attestation for Google Cloud Platform and G Suite can be requested by contacting your Field
Sales Representative or the Google Support team.