Compliance & Certification

GDPR Compliant

C-Facts® has been GDPR compliant since 2019. As a C-Facts® customer, please ensure compliance to this legislation especially when personal data is registered in the C-Facts® Application. The credentials to be compliant are part of the online onboarding procedure.

CSA STAR Certified

C-Facts® announced her certification at the Cloud Security Alliance (CSA) in the Security Trust and Assurance Register (STAR). This worldwide accepted program is a complimentary offering that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering using.

Cloud providers either submit a completed Consensus Assessments Initiative Questionnaire (CAIQ), or submit a report documenting compliance with the Cloud Controls Matrix (CCM). This information then becomes publicly available, promoting industry transparency and providing customer visibility into specific provider security practices.

The Code Self-Assessment covers the compliance to GDPR of the service(s) offered by a CSP. A company after the publication of the relevant document on the Registry will receive a Compliance Mark valid for 1 year. The Self-Assessment shall be revised every time there’s a change to the company policies or practices related to the service under assessment.

Security and Compliance of C-Facts® Application

C-Facts® monitors and maintains total control of your cloud’s security and compliance posture with proactive monitoring, alerts and reports, providing confidence that your cloud is stable, secure and compliant.

ISO27001-2013 Certification

ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information risks (called ‘information security risks’ in the standard). The ISMS is an overarching management framework through which the organization identifies, analyzes and addresses its information risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts – an important aspect in such a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to, say, PCI-DSS.

The standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profits), all sizes (from micro-businesses to huge multinationals), and all industries or markets (e.g. retail, banking, defense, healthcare, education and government).

C-Facts® Operations is ISO27001-2013 (and GDPR) compliant.

EU-based Service Provider

As a European Union based service provider we ensure GDPR compliancy, but above all, data is stored within the EU in order to meet compliance requirements in the sector.

Company liability

C-Facts® has a EUR 2,500,000 liability coverage per claim. All terms & conditions can be obtained by contacting the Customer Services Department of C-Facts®. The conditions of liability are also described in the Master Agreement.