What is Trusted Cloud?
After the ending of the program Trusted Cloud of the Federal Ministry of Economic Affairs and Energy (Bundesministerium für Wirtschaft und Energie, BMWi) the nonprofit association "Kompetenznetzwerk Trusted Cloud" was founded. BMWi took the patronage for it.
The offer of Trusted Cloud consists of:
How do C5 and Trusted Cloud compare?
Trusted Cloud is mainly directed towards small and medium enterprises, both cloud service provider and cloud service user. C5 is mainly directed towards medium an large cloud service provider and their professional customers. But both catalogues are not limited to these audiences.
The criteria catalogue of Trusted Cloud comprises not only of aspects of data security but also of criteria for quality and transparency as well as data protection and contractual issues. C5 focuses on information security (and transparency) and is more extensive compared to the Trusted Cloud criteria catalogue, the security requirements are more explicit and targets for a a higher security level, if comparing the minimum requirements. Extend and manner of the C5 audit are more elaborate and result in a much more detailed statement of the security. The criteria catalogue of Trusted Cloud addresses more topics cloud user are interested in.
In this respect both catalogues complement one another and are not competitors.
What is TCDP (Trusted Cloud Data Protection Profile)?
A major aspect of the expired program "Trusted Cloud" of BMWi was data protection. It was a goal to build a solid base for a data protection certification especially for cloud services. In a unique constellation research, data protection authorities, cloud service provider and cloud service user worked together to achieve a common solution. So TCDP, the Trusted Cloud Data Protection Profile (www.tcdp.de) developed that is now managed by Stiftung Datenschutz.
Is it possible to use TCDP in conjunction with C5?
TCDP and C5 overlap in many requirements. Data (or information) security plays an important role in data protection, described in the so called technical and organizational measures (TOM). There are many commonalities between TCDP and C5, so that together within a C5 audit also a data protection certification can be performed in an efficient way. However C5 does not cover any legal aspects of data protection. TCDP (like the Trusted Cloud Label) is based on the German Bundesdatenschutzgesetz (BDSG) but will be adopted a the EU data protecion directive .