Certificates & Audits

Fabasoft's software products and Cloud Services have received numerous international certifications and awards in terms of reliability, data and data center security and accessibility. This proves our high quality and security standards.

Attestation

Cloud Computing Compliance Criteria Catalogue (C5)

Fabasoft was 2017 the first European provider of cloud services to receive the attestation pursuant to the requirements of the catalog of requirements C5 (Cloud Computing Compliance Criteria Catalog, in short: C5), issued by the Federal Office for Information Security (BSI). The C5 attestation pursuant to the requirements of the BSI is a recognized and reliable proof which transparently reveals the high level of information security of the Fabasoft Cloud for all Fabasoft Cloud customers. Until 2020 the KPMG Alpen-Treuhand GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft issued the attestation.

At the beginning of 2021, Fabasoft was audited for the first time in accordance with the new BSI Standard C5:2020. The audit was conducted by PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft, Germany.

The catalogue of requirements of the BSI specifies the minimum requirements that cloud service providers must meet. The information on the general conditions of the cloud service serves to provide customers with additional information on the level of information security offered by Fabasoft and ensures transparency with regard to information on jurisdiction and locations, availability and incident handling during regular operation, recovery parameters in emergency operation, availability of the data center, how investigation enquiries from government authorities are handled and certifications or attestations.

 

Attestation

ISAE 3402 Type 2

The International Standard on Assurance Engagements (ISAE 3402) is the international testing standard that assesses the effectiveness of internal control systems (IKS) of service providing organizations. The standard was created by the International Auditing and Assurance Standards Board (IAASB) as a successor to the SAS 70 Standard. Up until 2011 Fabasoft was tested according to the AICPA´s reporting standard SAS 70 Type 2, afterwards according to ISAE.

ISAE 3402 aims to extensively test an organization´s internal control system and to rate its effectiveness in detail. The testing takes place over a six month period. The ISAE 3402 test report contains the opinion of an external test company on the control procedure at the service provider, a description of the control points, the test methods and controls, information about the test period and a statement about the effectiveness of the controls.

Attestation

ISAE 3000 SOC2

Fabasoft completed the SOC2  audit for its Fabasoft Cloud, marketed under the name Fabasoft Business Process Cloud since the beginning of 2020. PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft, Germany, issued the audit report.

As part of the audit process, PwC checked whether the Trust Service Criteria (TSC) for Security – issued by the American Institute of Certified Public Accountants (AICPA) – are being adhered to. Therefore, the existing internal control mechanisms for the services offered – for example with regard to risk minimization, access controls, monitoring measures or communication – were examined and documented. The audit took the form of an ISAE 3000  audit (checking the control implementation within a defined test period). Fabasoft received the final audit results as an ISAE 3000 SOC2  report.