Thinkproject solutions pass SOC 2 audit

The SOC 2 and C5 attestations prove that Thinkproject’s SaaS-based Common Data Environments (CDE) – CONCLUDE CDE and EPLASS CDE – have the highest level of security for cloud solutions. SOC 2 is originally a U.S. standard according to which service organisations generate reports on the status of defined internal control parameters. These parameters include the security and availability of the data, the integrity of the data processing, confidentiality and data protection aspects.

The American Institute of Certified Public Accountants has defined this security standard in accordance with the AICPA Trust Services Principles and Criteria. Closely related to the criteria of SOC 2 is the specifically German criteria catalogue C5 of the German Federal Office for Information Security (BSI).

An attestation according to the BSI’s C5 criteria catalogue can also be regarded as an indicator that a provider of cloud services protects its infrastructure as strongly as possible against cyberattacks. The BSI’s C5 catalogue comprises 17 categories (domains), which consist of basic criteria, additional criteria and supplementary information.

In total, the C5 catalogue defines 127 requirements (controls) across the entire company, its processes and its personnel. For example, C5 deals with requirements relating to personnel deployed, physical security compliance, identity and rights management, communication security, cryptographic measures and key management, as well as the handling of security incidents.

“In Germany, C5 conformity is often a mandatory, legally required criterion for public sector tenders,” explains Dr. Ralf Hundhammer, CTO of Thinkproject. “This catalogue of requirements from the BSI has similar relevance for operators of critical infrastructure and for financial institutions. One could say that the C5 attestation of subcontractors such as Thinkproject is indispensable for operators of KRITIS to ensure verified, highest possible information security. But the triumph of cloud computing continues throughout the economy, worldwide,” says Thinkproject CTO Ralf Hundhammer. 

“Whether SOC 2 or C5 – more and more companies are paying close attention to the fact that a provider meets the relevant security standards when choosing a cloud or SaaS provider, if only out of well-understood self-interest. In this context, the great advantage of criteria catalogues such as SOC 2 and C5 is that they specifically address security in cloud computing. In the cloud sector, they have much more granular requirements than ISO 27001, for example. With the successful SOC 2 and C5 audit, we can now document that we meet all security requirements at Thinkproject: from general certification according to ISO 27001 to cloud-specific attestations. For us and for our customers, cybersecurity is rightly a topic of central importance,” he adds, “because digitalization and information security must go hand in hand.” 

By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem. With 650+ employees, Thinkproject offers digital solutions in 60 countries worldwide that cover the entire lifecycle of a construction project. Thinkproject supports more than 750,000 users in 75,000 projects at more than 3,250 customers.

For more information, please visit www.thinkproject.com

Press contact: Julia Schreiber, Möller Horcher Kommunikation GmbH, julia.schreiber@moeller-horcher.de, +49 3731 2070915