Clean & Elegant
Fully Responsive

Trust, but Verify
Certifications and Seals Awarded to DRACOON

We developed our cloud service completely with the customer in mind. Nevertheless, it’s important to us that we not only impress you with our own detailed descriptions of our solution and our outstanding team, but that external institutions also evaluate and certify our successful product DRACOON. This is how we ensure that our customers always enjoy maximum data security.


BSI C5 Certification

The BSI’s catalog of requirements for cloud computing (C5) defines requirements and obligations that a cloud provider must meet in order to certified as having implemented a high standard of information security. The catalog of requirements takes the recognized ISO 27001 standard and adds further aspects to it that are relevant to a cloud provider and establish a baseline level of security. An audit on the basis of this catalog of requirements can only be carried out by an independent, third-party auditor. This auditor produces a detailed audit report covering all aspects of information security at the organization. As a result, customers receive confirmation that information security at an accredited cloud provider has been thoroughly tested and is extremely high.

In this context, DRACOON was audited and successfully certified by the auditing firm PricewaterhouseCoopers (PwC).

Here can be found additional information about the BSI's C5 catalog


ISO/IEC 27001:2013- Certification

ISO/IEC 27001 is an internationally recognized standard that certifies a company’s successful implementation and operation of an information security management system (ISMS). An ISMS manages and monitors all of a company’s information and specifies instructions on how to handle information worthy of protection. This ISO certification helps customers identify service providers that comply with information security regulations and therefore protect the customer’s information.

Here can be found additional information about ISO/IEC 27001.


IDW PS 951

Through outsourcing and cloud computing, companies today have the opportunity to outsource processes and in doing so, streamline their organizational structures. Nevertheless, the companies still remain ultimately responsible for these processes. For this purpose, an auditor can carry out its own extensive audit activities or simply rely on an audit report in accordance with IDW PS 951 (“Audit of a service provider’s internal control system for processes outsourced to the service provider”). This is because IDW PS 951 serves to document the internal control system’s suitability and effectiveness. The benefit of this for customers is that it eliminates or limits the scope of recurring audits, reduces liability risks, and increases efficiency during an audit.

In this context, DRACOON was audited and successfully certified by PwC, the leading auditing and consulting firm in Germany.

We will gladly provide you a copy of the audit report upon request.

DRACOON - IT Security made in EU

IT Security made in EU

On the occasion of the debate on European digital sovereignty, the IT Security Association Germany (TeleTrusT) established the declaration of conformity "IT Security made in EU" for its members. To be allowed to use the trust mark, the following criteria must be met:

  1. The company headquarters must be in the EU.
  2. The company must offer trustworthy IT security solutions.
  3. The products offered must not contain any hidden access points (no "backdoors").
  4. The company's IT security research and development must take place in the European Union.    
  5. The company must undertake to comply with the requirements of the EU data protection basic regulation. 

DRACOON meets these criteria and is officially listed as a trademark holder.
Here you can find further information about the initiative IT Security made in EU.


Software Made in Germany

The “Software Made in Germany” seal is an initiative by the Federal Association of IT SMEs (BITMi e.V.) and is awarded to German companies that combine first-class service with outstanding quality and future viability, based on the following criteria:

  • The manufacturer of the software is a company based in Germany and the software’s main development steps are carried out in Germany
  • The user interface, the help system, the documentation, and service and support are available to the end user in multiple languages and/or in German
  • The software is a safe investment and its further development is contractually guaranteed

Software Hosted in Germany

The “Software Hosted in Germany” seal is an initiative by the Federal Association of IT SMEs (BITMi e.V.) and recognizes software that can be used online that complies with German privacy law and other criteria, including:

  • The software and data are hosted in a data center in Germany
  • The software and personal data do not leave Germany unless the customer requests such a transfer
  • The use of services that transfer non-personal data abroad must be clearly indicated to the user or the client
  • The hosting contract is exclusively governed by German law, in particular German privacy law, the German Civil Code, and the German Commercial Code.
  • The companies awarded the “Software Hosted in Germany” seal submit an up-to-date overview of their technical and organizational data protection measures to BITMi e.V. (see section 9 of Germany’s Federal Data Protection Act)

Information Services Group (ISG)

Through its studies, the Information Services Group (formerly Experton Group) offers valuable assistance to companies when it comes to selecting the right business partners. For example, in its latest Cloud Transformation/Operation Services & XaaS ISG Vendor Benchmark 2019, the firm analyzed providers in the file-sharing environment for the German market. Its recent Enterprise Cloud File Sharing Quadrant report gives users a comprehensive and detailed overview of the market. Within the framework of the independent study, 19 companies were classified as relevant and positioned within the quadrant. DRACOON was named the leader in this segment.

Additional information about the study by ISG can be found here.


Validated IT Security from TÜV Hessen

TÜV Hessen audited DRACOON with respect to criteria such as network security, emergency management, privacy and information security, backup systems, as well as advanced training and compliance, including through the use in-depth questions.

Additional information about TÜV Hessen.

Planned Certifications

  • ISO 22301:2014 (Business Continuity Management)
    Certification by TÜV Rheinland planned for fall 2020
    IEC 22301 is an internationally recognized standard that certifies a company’s successful implementation of a business continuity management system (BCMS). Companies with a BCMS can react appropriately to outages and interruptions to their business activities in order to resume operations efficiently and safely. This certification demonstrates to customers that DRACOON has taken measures to guarantee maximum system availability and to manage interruptions in a systematic manner.
  • ISO 27017:2015 (Information Security for Cloud Services)
    Certification by TÜV Rheinland planned for fall 2020
    ISO 27017 extends ISO 27001 to include information security requirements for cloud service providers. This certification demonstrates that DRACOON also meets these additional requirements.
  • ISO 27018:2019 (Protection of Personally Identifiable Information in Cloud Services)
    Certification by TÜV Rheinland planned for fall 2020
    ISO 27018 extends ISO 27001 to include requirements for the protection of personally identifiable information (PII) by cloud service providers acting as PII processors. With this certification, DRACOON demonstrates that it meets all of the ISO requirements as a processor of customers’ PII in this field as well.


10 users and 10 GB – free forever.
Save and share your files in a GDPR-compliant manner for an unlimited period of time!

Try now