Certificates & Audits

Fabasoft's software products and Cloud Services have received numerous international certifications and awards for reliability, data and data center security, and accessibility. This proves our high quality and security standards.


Cloud Computing Compliance Controls Catalogue (C5)

Fabasoft was the first European provider of cloud services to receive the attestation pursuant to the requirements of the Cloud Computing Compliance Controls Catalogue (C5), issued by the Federal Office for Information Security (BSI). KPMG Alpen-Treuhand GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft issued the attestation. The C5 attestation from KPMG pursuant to the requirements of the BSI is a recognized and reliable proof that transparently reveals the high level of information security of the Fabasoft Cloud for all Fabasoft Cloud customers.

The BSI's catalogue of requirements specifies the minimum requirements that cloud service providers must meet. The defined surrounding parameters are an integral characteristic of the BSI C5 and ensure transparency with regard to system description, jurisdiction and locations of data storage, data processing and data backup, disclosure and investigation powers, as well as certifications.



ISAE 3402 Type 2

The International Standard on Assurance Engagements (ISAE 3402) is the international testing standard that assesses the effectiveness of internal control systems (IKS) of service-providing organizations. The standard was created by the International Auditing and Assurance Standards Board (IAASB) as a successor to the SAS 70 Standard. Up until 2011, Fabasoft was tested according to the AICPA's reporting standard SAS 70 Type 2, and afterwards according to ISAE.

ISAE 3402 aims to extensively test an organization's internal control system and to rate its effectiveness in detail. The testing takes place over a six-month period. The ISAE 3402 test report contains the opinion of an external test company on the control procedure at the service provider, a description of the control points, the test methods and controls, information about the test period and a statement about the effectiveness of the controls.


ISAE 3000 SOC2 Type 1

Fabasoft completed the SOC2 Type 1 audit for its Fabasoft Cloud, marketed under the name Fabasoft Business Process Cloud since the beginning of 2020. KPMG Alpen-Treuhand GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft issued the audit report.

As part of the audit process, KPMG checked whether the Trust Service Criteria (TSC) for Security, issued by the American Institute of Certified Public Accountants (AICPA), are being adhered to. To that end, the existing internal control mechanisms for the services offered (for example with regard to risk minimization, access controls, monitoring measures or communication) were examined and documented. The audit took the form of an ISAE 3000 Type 1 audit (testing the design and implementation as of a cut-off date) and lasted approximately four weeks. Fabasoft received the final audit results as an ISAE 3000 SOC2 Type 1 report.