We support your company

We offer experience in dealing with a wide range of standards and test catalogs. The points listed here result from our recent projects and are not an exhaustive list. If you have any questions about other standards, please write to us or give us a call.


The BSI C5 (Cloud Computing Compliance Criteria Catalogue) is aimed at professional cloud service providers, their auditors and customers. The criteria catalog sets minimum requirements for secure cloud computing and serves as a basis for companies to better assess cloud security. It also combines a large number of minimum requirements in a single document by comprehensively mapping common certificates.

ISO 2700x

The ISO 27000 family for information security consists of the overriding standards:

  • ISO27001, Requirements for an Information Security Management System (ISMS)
  • ISO27002, control mechanisms
  • ISO27003, further implementation guidelines
  • ISO27004, key figure systems for ISMS
  • ISO27005, Risk Management
  • ISO27006, certification of information security management systems
  • ISO27007, Guidelines for the audit.
    There are also other subordinate standards such as ISO 27017/18 for security and data protection in the cloud.

ISO 22301

As an internationally recognized certification standard, ISO 22301 has been providing valuable benefits since 2012:

  • Optimal preventive measures for unavoidable threats
  • Identification and minimization of unexpected disturbances
  • Acting responsibly towards customers and suppliers in case of emergency
  • Minimization of downtime and recovery time
  • Strengthened trust and demonstration of responsibility towards all actors


The DCSO Cloud Vendor Assessment Service assesses the security level of cloud service providers and provides them with this information in a platform-supported manner. The service is a building block for meeting requirements in the areas of information security, data protection and compliance.


The regulatory requirements for IT, now divided into three areas, are administrative instructions for German credit institutions, insurance special purpose vehicles or the capital management companies. These are also accompanied by a circular from the Federal Financial Supervisory Authority (BaFin). These publications deal with the secure design of IT systems, the associated processes and their requirements for IT governance.


General Data Protection Regulation (GDPR) is a European Union regulation that harmonizes the rules for processing personal data throughout the EU. This is intended in order to ensure the protection of personal data within the European Union and the free movement of data within the European internal market.

In the last three years, Enterprise Open Systems has successfully implemented the above-mentioned frameworks for its customers in the DACH region. Design, implementation, documentation and exercises are integral parts of our services.

Just contact us!