Woman working in on PC

In 2025, Bechtle obtained a C5:2020 attestation, confirming that its cloud services meet the stringent security requirements defined by Germany’s Federal Office for Information Security (BSI). This initial audit assesses whether the necessary controls are properly designed and in place. A year later, Bechtle advanced to the C5:2020 Type 2 attestation, which confirms that these safeguards are not only implemented, but consistently effective in day-to-day operations – not just on paper. Bechtle has therefore achieved the highest level of C5 assurance currently available for cloud services in Germany. 

“With the C5:2020 Type 2 attestation, we demonstrate that our security and compliance measures are not just well designed, but stand up to the demands of live operations over time. For our customers, this provides dependable assurance of the stability, consistency and long-term security of our managed cloud services,” says Dirk Müller-Niessner, CTO of Bechtle AG. 

At a glance.

  • The C5 catalogue is the benchmark for secure cloud computing in Germany, providing independently verifiable assurance. 
  • Standardised audit and reporting procedures create transparency for customers, regulators and auditors. 
  • In 2025, Bechtle already met 127 audit criteria across 17 areas. 

  • The Type 2 audit confirms both ongoing compliance and the operational effectiveness of the security controls. 

  • The attestation complements international standards such as ISO/IEC 27001, ISO/IEC 20000 and ISAE 3402 Type 2.  

Referent - Dirk Müller-Niessner, Cui bono? KI am Modern Workplace

With the C5:2020 Type 2 attestation, we demonstrate that our security and compliance measures are not just well designed, but stand up to the demands of live operations over time. For our customers, this provides dependable assurance of the stability, consistency and long-term security of our managed cloud services.

Dirk Müller-Niessner, CTO of Bechtle AG

Advancing an established security standard.

The C5:2020 Type 2 attestation is another building block in Bechtle’s comprehensive security and compliance strategy. It complements existing certifications such as ISO/IEC 27001 (information security management), ISO/IEC 20000 (IT service management) and ISAE 3402 Type 2 (assessment of internal controls), all of which already demonstrate high standards of information security and service quality. For customers – particularly in the public sector and highly regulated industries – this attestation is playing an increasingly important role when selecting a cloud provider. The Type 2 report provides a robust basis for risk assessments, compliance requirements and governance decisions.  

Infrastructure, operations and Service Factory.

As in 2025, the audit also covered the infrastructure and processes of Bechtle’s data centres in Frankfurt and Rüsselsheim. The dual-site strategy ensures high availability, scalability and resilience. Over the past years, Bechtle has used its Service Factory to build standardised managed cloud services, enabling automated, scalable delivery across multiple national and international cloud platforms. 

Part of a long-term compliance strategy.

The C5 attestation achieved in 2025 was already seen as an important milestone in strengthening transparency and trust in cloud services. With the sustained effectiveness of its security measures now confirmed, Bechtle underlines its commitment to operating cloud services to consistently high standards of security and quality. C5 attestation will continue to be independently audited each year – a continuous process that ensures ongoing compliance with stringent requirements and gives customers added confidence when choosing a cloud provider.