In October 2024, the Aachen-based IT provider for the energy and water industry KISTERS successfully demonstrated compliance with the SOC 2 Type 2 and BSI C5 Type 2 criteria for its KISTERScloud services in a combined audit. The addition ‘Type 2’ means that KISTERS not only fulfilled the criteria at a certain point in time (Type 1), but that the company has consistently implemented the measures for information security and data protection for an entire year and was able to prove this accordingly. “The independent testing of the criteria catalogues according to SOC 2 and C5 complements our certification according to the international standard ISO 27001, which has been in place since 2017, and represents another important step in the continuous improvement of our information security,” explains Dr Heinz-Josef Schlebusch, CISO of the KISTERS Group. “The new Type 2 attestations confirm the effectiveness of our measures.”
“IT security and data protection are our top priorities,” adds Klaus Kisters, CEO of the KISTERS Group. “Independent attestations and certifications in accordance with internationally recognised regulations make our cost-intensive security measures tangible for our customers. They strengthen trust in KISTERS as their IT service provider and at the same time help them to fulfil their own regulatory requirements in the area of information security.”
Strict criteria fulfilled.
The SOC 2 attestation proves that the KISTERScloud services fulfil the requirements of the five Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality and data protection. This means, among other things, that extensive and appropriate measures have been taken to control data security, to protect customer data from unauthorised access, to detect anomalies and security incidents and to ensure the availability of the IT systems to the required extent. Compliance with the minimum requirements for cloud service providers (C5) of the German Federal Office for Information Security (BSI) proves that operational processes are checked and monitored, that appropriate security precautions are in place for the IT infrastructure and that customer data is reliably available and usable.