Data Protection lawyers with 50+ years of experience

Free initial consultation

Your partner for C5 attestation

Comprehensive support in assessing the new legal requirements of the DigiG and Section 393 SGB V and their impact on your organization. We guide you through the preparation for the C5 attestation, from implementing necessary IT security measures to the audit by a certified auditor.

Boris Arendt

Boris Arendt, partner at Simpliant with 15 years of project experience in information security.

C5 overview

The C5 attestation for cloud services

The new Digital Act according to Section 393 SGB V requires SaaS providers in the healthcare sector to obtain a C5 attestation, thereby increasing IT security requirements.

What is the C5 criteria catalog?

The C5 criteria catalog is an audit standard developed by the BSI that specifies minimum requirements for secure cloud computing. It includes 125 criteria across 17 subject areas that cloud providers must meet, regardless of the application context.

Who needs to obtain a C5 attestation?

Cloud providers in the healthcare sector must obtain a C5 attestation to ensure they meet the required security standards.

How to obtain a C5 attestation?

First, all required IT security measures must be implemented according to the criteria of the C5 catalog, and then reviewed by a certified auditor to ensure compliance.

Our Service

Comprehensive consulting for your C5 attestation

We provide comprehensive support in implementing the required security measures, creating a detailed system description, and preparing for the audit by a certified auditor. We guide you safely to your C5 attestation.

Step 1

3 - 5 person-days

GAP analysis and project plan

  • Kick-off workshop

  • Structural analysis

  • GAP analysis and project plan

Step 2

20 - 40 person-days

Implementation consulting

  • Risk assessment and management

  • Measure implementation

  • Training and education

Step 3

10 - 20 person-days

Auditing and attestation by certified auditors

  • Internal audit

  • Support during external audits

  • Follow-up


Do you need a C5 attestation?

Check here to see if your cloud service must obtain a C5 attestation according to the new Section 393 SGB V.

Section 393 SGB V applicability check

Are you providing a cloud service?

Legal advice

Simpliant Legal - Wittig, Bressner, Groß Rechtsanwälte Partnerschaftsgesellschaft mbB


Simpliant GmbH


Simpliant Technologies GmbH

Data protection

We will support you in implementing all data protection requirements with the GDPR.

Information security

We support you in setting up a holistic ISMS such as ISO 27001.

Artificial intelligence

We advise you on the integration of AI and develop legally compliant usage concepts.

© 2019 - 2024 Simpliant