The Cloud Computing Compliance Criteria Catalogue, also
referred to as
was developed by the German Federal Office for Information
Security (BSI) as a way to assess the information security
of cloud services that leverage internationally recognized
security standards like
to set a consistent audit baseline that helps establish a
framework of trust between cloud providers and their
Google previously received an attestation for the BSI’s
Cloud Computing Compliance Controls Catalog (“C5”). The BSI
revised the guidance as
in 2020. The C5:2020 expands the scope of C5 and addresses
including a section on product safety and security.
Through an independent third-party audit, Google Cloud
(Google Workspace and Google Cloud Platform) has achieved an
attestation against the C5:2020 requirements. Current and
potential customers can use the C5:2020 attestation as
verification of compliance and as part of their assessment
for using Google Cloud services.
Cloud Computing Compliance Criteria Catalogue (C5:2020)
reports may be requested via the
Compliance Reports Manager.
Potential customers can reach out to
for more information.