Global CDN Made in Germany achieves BSI C5 certification
MYRA NEWS | 15 August 2022
Myra Security is among the few security-as-a-service providers worldwide to hold a BSI C5 test certificate. The Cloud Computing Compliance Criteria Catalogue (C5) follows a comprehensive approach to demonstrate optimal protection of all processes and systems according to the state of the art.
The BSI C5 test certificate serves companies as proof of compliance with the highest requirements and standards for information security, data protection and transparency. While the requirements for C5 are defined by the German Federal Office for Information Security (BSI), the audit and certification are performed by auditors.
Sascha Schumann, founder and CEO of Myra Security, explains what challenges, but also opportunities, the C5 test certificate brings with it.
Sascha Schumann: In principle, both our customers and potential new customers benefit when a service provider has a C5 test certificate, as it transparently ensures compliance with the highest standards of IT security and data protection. We demonstrate these high standards anew with the certificate.
With Myra, we have a strong focus on companies from highly regulated sectors such as banking, insurance, healthcare, or public services. In addition to a high degree of legal certainty, we also offer these companies the option of using the C5 certificate for their own risk management. The certificate is also particularly relevant for public authorities, as they are partly obliged under EVB-IT to use cloud service providers with C5 certification.
AICPA Trust Services Principles Criteria 2014 (SOC 2)
ANSSI Référentiel Secure Cloud v2.0
CSA – Cloud Controls Matrix 3.01 (CSA CCM)
IDW ERS FAIT 5
BSI IT-Grundschutz 14. EL 2014
BSI SaaS Sicherheitsprofile 2014
Sascha Schumann: As a cloud-specific catalog of requirements, BSI C5 is one of the strictest IT security standards in the world. The test certificate brings together the most established international standards, is recognized worldwide, and accordingly pays off our strategy of increasingly positioning Myra as one of the few GDPR-compliant providers on the market.
Sascha Schumann: The special feature of C5 is that the catalog of requirements is not limited purely to technical and process-related specifications. Here, the cloud provider is much more scrutinized. In addition to cyber security, compliance and data protection, topics such as personnel requirements, physical security or procurement and development therefore also play a role. A total of 17 requirement areas are examined, defining 125 basic requirements with some optional additional requirements.
Sascha Schumann: Myra has taken a C5 Type 2 test. This means that in addition to examining the appropriateness, the effectiveness of the specified criteria is also examined - and this is done over a period of twelve months. Myra's C5 audit involved all areas of the company, including IT Operations, IT Development, Human Resources and our Information Security & Compliance Management. In total, the time spent on the audit across all departments amounted to well over 500 working hours. During the approximately three-month follow-up alone, various performance records and audit documents had to be prepared for the entire audit period.
I am proud of the performance of our teams and very happy to have our high level of quality and safety formally confirmed once again for customers and the market.
Organization of information security
Security guidelines and work instructions
Requirements for personnel
Measures for regular operations
Identity and authorization management
Cryptography and key management
Portability and interoperability
Procurement, development and modification of information systems
Control and monitoring of service providers and suppliers
Security incident management
Business continuity and emergency management
Security auditing and verification
Compliance and data protection
Mobile device management