Thinkproject solutions pass SOC 2 & C5 audits
Thinkproject has received official SOC 2 & C5 certifications for its Document & Communication Management solutions and services.
The U.S. SOC 2 security standard (System and Organization Controls 2), which has been defined by the American Institute of Certified Public Accountants (AICPA), is primarily aimed at security in cloud computing, unlike standards such as ISO/IEC 27001. The standard also aims to create maximum information security for cloud services – for operators and customers alike. The audit for Thinkproject’s SOC 2 attestation was carried out by HKKG Wirtschaftsprüfungsgesellschaft, headquartered in Cologne.
The SOC 2 test was derived from the C5 test by comparing the requirements. Thus, Thinkproject has received an attestation according to the German C5 criteria and the SOC 2 requirements at the same time. C5:2020 (Cloud Computing Compliance Controls Catalogue) is a catalogue of criteria used by the German Federal Office for Information Security (BSI) to define the requirements for secure and compliance-compliant cloud computing. If, for example, German (federal) authorities and financial institutions use cloud offerings, there is even a legal obligation to insist on compliance with the C5 criteria when awarding contracts. C5 has similar relevance for operators of critical infrastructure (KRITIS) according to the German BSI law.
The SOC 2 and C5 criteria catalogues
The SOC 2 and C5 attestations prove that Thinkproject’s SaaS-based Common Data Environments (CDE) – CONCLUDE CDE and EPLASS CDE – have the highest level of security for cloud solutions. SOC 2 is originally a U.S. standard according to which service organisations generate reports on the status of defined internal control parameters. These parameters include the security and availability of the data, the integrity of the data processing, confidentiality and data protection aspects.
The American Institute of Certified Public Accountants has defined this security standard in accordance with the AICPA Trust Services Principles and Criteria. Closely related to the criteria of SOC 2 is the specifically German criteria catalogue C5 of the German Federal Office for Information Security (BSI).
An attestation according to the BSI’s C5 criteria catalogue can also be regarded as an indicator that a provider of cloud services protects its infrastructure as strongly as possible against cyberattacks. The BSI’s C5 catalogue comprises 17 categories (domains), which consist of basic criteria, additional criteria and supplementary information.
In total, the C5 catalogue defines 127 requirements (controls) across the entire company, its processes and its personnel. For example, C5 deals with requirements relating to personnel deployed, physical security compliance, identity and rights management, communication security, cryptographic measures and key management, as well as the handling of security incidents.
IT security is indispensable for SaaS solutions
“In Germany, C5 conformity is often a mandatory, legally required criterion for public sector tenders,” explains Dr. Ralf Hundhammer, CTO of Thinkproject. “This catalogue of requirements from the BSI has similar relevance for operators of critical infrastructure and for financial institutions. One could say that the C5 attestation of subcontractors such as Thinkproject is indispensable for operators of KRITIS to ensure verified, highest possible information security. But the triumph of cloud computing continues throughout the economy, worldwide,” says Thinkproject CTO Ralf Hundhammer.
“Whether SOC 2 or C5 – more and more companies are paying close attention to the fact that a provider meets the relevant security standards when choosing a cloud or SaaS provider, if only out of well-understood self-interest. In this context, the great advantage of criteria catalogues such as SOC 2 and C5 is that they specifically address security in cloud computing. In the cloud sector, they have much more granular requirements than ISO 27001, for example. With the successful SOC 2 and C5 audit, we can now document that we meet all security requirements at Thinkproject: from general certification according to ISO 27001 to cloud-specific attestations. For us and for our customers, cybersecurity is rightly a topic of central importance,” he adds, “because digitalization and information security must go hand in hand.”
-
News
Apr. 16, 2024
Thinkproject and GAMMA AR enter partnership
Read moreThinkproject is excited to announce its newest partnership with GAMMA AR, a Europe-based company bringing the latest in Augmented Reality to the built asset industry.
-
News
Feb. 26, 2024
Thinkproject solutions pass SOC 2 & C5 audits
Read moreThinkproject has received official SOC 2 & C5 certifications for its Document & Communication Management solutions and services.
-
News
Feb. 12, 2024
Recertification of Thinkproject’s IT solutions, services & locations
Read moreThe latest assessment proves that Thinkproject continues to consistently comply with the strict guidelines of ISO/IEC 27001:2013.
-
News
Feb. 6, 2024
Thinkproject receives Level 2 BIM attestation
Read moreTÜV ISO 19650 conformance towards BIM information management according to international standard
-
News
Jan. 31, 2024
Thinkproject appoints new non-executive Board Members
Read moreThe non-executive appointments of Darren Roos and Constance Minc will accelerate the company’s international expansion and growth aspirations.
-
News
Jan. 29, 2024
New wastewater pilot project announced
Read moreThinkproject Asset Management will support the Gemünden municipal utility company as they drive innovation for their wastewater treatment operations.
-
News
Nov. 30, 2023
Thinkproject awarded Industry Partner Award
Read moreThinkproject will be actively contributing to AccXel’s Skills Steps program by delivering tailored modules on digital technology.
-
News
Sep. 19, 2023
Thinkproject’s emissions reduction target approved
Read moreIn the German software & services sector there are only 19 companies that have committed to establish Science Based Targets. Only nine of them have their reduction targets already approved by SBTi: Thinkproject is now one of them.
-
News
Nov. 16, 2022
Thinkproject accepted as participant of the UNGC
Read moreThrough our business practices and our platform, we have a responsibility to our customers, our people and our communities to build a better world. With the United Nations Global Compact, we can make strides in driving sustainable in the built asset and technology industries.