Successful audit: Claranet again receives SOC 2 Type II report based on AICPA TSC and BSI C5
Certification confirms comprehensive data protection and implementation of the requirements for secure cloud computing
Claranet DACH has been certified in accordance with the AICPA Trust Services Criteria 2017 and Cloud Computing Compliance Criteria Catalogue (C5:2020) of the German Federal Office for Information Security (BSI). Compliance with the requirements was verified by an independent auditor as part of an audit in accordance with the international standard ISAE 3402 and the national standard IDW PS 951.
The AICPA Trust Services Criteria (TSC) 2017 define guidelines for assessing and improving the trustworthiness and integrity of organisations' services and systems. These criteria cover the five main categories of security, availability, processing integrity, confidentiality and data protection.
The C5 criteria catalogue defines requirements that cloud service providers must meet in order to be considered secure. Around 120 security measures are defined, including in the areas of physical security, network security and system and application security.
As in previous years, Claranet successfully passed this audit.
The result of this year's assessment is a SOC 2 Type II report on the audit of the service-related internal control system (ICS). The report confirms that Claranet DACH has an efficient internal control system for the accounting-related business processes outsourced to it. It also certifies that all applicable C5 basic requirements are met and that no deviations were identified. In addition, the auditors certified that the control systems were properly designed, that all implemented measures worked effectively during the audit period January - December 2025 and that all incidents and changes were properly documented.
Our customers' trust in our services is of central importance to Claranet - far beyond technological performance. The current SOC 2 Type II report confirms that we continue to fulfil high standards of security and internal controls. Our customers can therefore rest assured that their data and systems are in good hands with us.