Information security audits create transparency and security for customers and partners. Certifications such as ‘SOC 2 Type 2’ (System and Organisation Controls 2) from the AICPA (American Institute of Certified Public Accountants) and conformity with the ‘Cloud Computing Compliance Criteria Catalog (C5)’ from the German Federal Office for Information Security (BSI) are now a requirement in many tenders and are also checked as part of supplier audits. Such independent assessments are becoming increasingly important, especially for companies that offer cloud services.

In October 2024, the Aachen-based IT provider for the energy and water industry KISTERS successfully demonstrated compliance with the SOC 2 Type 2 and BSI C5 Type 2 criteria for its KISTERScloud services in a combined audit. The addition ‘Type 2’ means that KISTERS not only fulfilled the criteria at a certain point in time (Type 1), but that the company has consistently implemented the measures for information security and data protection for an entire year and was able to prove this accordingly. “The independent testing of the criteria catalogues according to SOC 2 and C5 complements our certification according to the international standard ISO 27001, which has been in place since 2017, and represents another important step in the continuous improvement of our information security,” explains Dr Heinz-Josef Schlebusch, CISO of the KISTERS Group. “The new Type 2 attestations confirm the effectiveness of our measures.”

“IT security and data protection are our top priorities,” adds Klaus Kisters, CEO of the KISTERS Group. “Independent attestations and certifications in accordance with internationally recognised regulations make our cost-intensive security measures tangible for our customers. They strengthen trust in KISTERS as their IT service provider and at the same time help them to fulfil their own regulatory requirements in the area of information security.”

Strict criteria fulfilled.

The SOC 2 attestation proves that the KISTERScloud services fulfil the requirements of the five Trust Services Criteria (TSC) security, availability, processing integrity, confidentiality and data protection. This means, among other things, that extensive and appropriate measures have been taken to control data security, to protect customer data from unauthorised access, to detect anomalies and security incidents and to ensure the availability of the IT systems to the required extent. Compliance with the German Federal Offices‘ minimum requirements for cloud service providers (C5) proves that operational processes are checked and monitored, that appropriate security precautions are in place for the IT infrastructure and that customer data is reliably available and usable.


Driving the energy revolution, addressing the impacts of climate change and promoting the sustainable use of resources are the key drivers and motivators behind our work. The responsible use of the earth’s resources is ingrained in our philosophy. Our commitment is evident in the development of solutions that empower our customers to make informed decisions and act responsibly. With over 60 years of experience in digitally capturing the changing world, analysing and visualising data, we strive to contribute to a more sustainable future.

Firmenkontakt und Herausgeber der Meldung:

Pascalstraße 8 + 10
52076 Aachen
Telefon: +49 (2408) 9385-0
Telefax: +49 (2408) 9385-555

Astrid Beckers
Leitung Marketing | Presse- und Öffentlichkeitsarbeit
Telefon: +49 (9131) 48009639
Für die oben stehende Story ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.
