Certifications and Seals Awarded to DRACOON

BSI C5 Certification

The BSI’s catalog of requirements for cloud computing (C5) defines requirements and obligations that a cloud provider must meet in order to certified as having implemented a high standard of information security. The catalog of requirements takes the recognized ISO 27001 standard and adds further aspects to it that are relevant to a cloud provider and establish a baseline level of security. An audit on the basis of this catalog of requirements can only be carried out by an independent, third-party auditor. This auditor produces a detailed audit report covering all aspects of information security at the organization. As a result, customers receive confirmation that information security at an accredited cloud provider has been thoroughly tested and is extremely high.

DRACOON was audited in this context by HKKG, a prestigious legal firm in Germany, and previously by PwC, the leading auditing and consulting firm in Germany.

Here can be found additional information about the BSI's C5 catalog. 

ISO/IEC 27001:2013- Certification incl. ISO/IEC 27017:2015 (Information Security for Cloud Services) and ISO/IEC 27018:2019 (Protection of Personally Identifiable Information in Cloud Services)

ISO/IEC 27001 is an internationally recognized standard that certifies a company’s successful implementation and operation of an information security management system (ISMS). An ISMS manages and monitors all of a company’s information and specifies instructions on how to handle information worthy of protection. This ISO certification helps customers identify service providers that comply with information security regulations and therefore protect the customer’s information.

ISO/IEC 27017 extends ISO 27001 to include information security requirements for cloud service providers. This certification demonstrates that DRACOON also meets these additional requirements.

ISO/IEC 27018 extends ISO 27001 to include requirements for the protection of personally identifiable information (PII) by cloud service providers acting as PII processors. With this certification, DRACOON demonstrates that it meets all of the ISO requirements as a processor of customers’ PII in this field as well.

Here can be found additional information about ISO/IEC 27001.

IDW PS 951

Through outsourcing and cloud computing, companies today have the opportunity to outsource processes and in doing so, streamline their organizational structures. Nevertheless, the companies still remain ultimately responsible for these processes. For this purpose, an auditor can carry out its own extensive audit activities or simply rely on an audit report in accordance with IDW PS 951 (“Audit of a service provider’s internal control system for processes outsourced to the service provider”). This is because IDW PS 951 serves to document the internal control system’s suitability and effectiveness. The benefit of this for customers is that it eliminates or limits the scope of recurring audits, reduces liability risks, and increases efficiency during an audit.

In this context, DRACOON was audited and successfully certified by HKKG GmbH Wirtschaftsprüfungsgesellschaft.

We will gladly provide you a copy of the audit report upon request.

Information Services Group (ISG)

Through its studies, the Information Services Group (formerly Experton Group) offers valuable assistance to companies when it comes to selecting the right business partners. For example, in its latest Multi Public Cloud Services ISG Provider Lens Quadrant Report 2023, the firm analyzed providers in the filesharing environment for the German market. Its recent Secure Enterprise Cloud Filesharing Services Quadrant report gives users a comprehensive and detailed overview of the market. Within the framework of the independent study, 17 companies were classified as relevant and positioned within the quadrant. DRACOON was named the leader in this segment.

Additional information about the study by ISG can be found here.