CGM receives C5 attestation according to BSI Criteria

Koblenz - CompuGroup Medical (CGM) has received C5 attestation (Type 1) for cloud services in Germany in accordance with the criteria of the German Federal Office for Information Security (BSI). Cloud products of CGM have been attested compliance with C5 criteria retroactively as of May 31, 2024 by an independent auditing company.

The German Digital Act (DigiG) prescribes C5 (Type 1) as the security standard for cloud services in the German healthcare and social services sector from July 1, 2024. C5 (Cloud Computing Compliance Criteria Catalogue) was developed by the BSI and specifies requirements for secure cloud computing. It contains more than 120 security criteria, including the areas of information security organization, physical security, regular operations, portability and interoperability. These criteria are regularly reviewed by independent auditors.

“CompuGroup Medical offers its customers high security standards in the processing of healthcare data. The C5-attested cloud applications in Germany are another milestone on this path,” says Michael Rauch, CEO of CompuGroup Medical. 

The C5 attestation provides customers with important guidance when selecting a cloud provider and supports healthcare professionals in meeting the strict requirements for information security. Based on a standardized examination and report, it provides transparency on the information security status of a cloud service.

Further information on the C5 attestation for CGM can be found here: www.cgm.com/c5-testat