Recommended Measures | Protection class 1 | Protection class 2 | Protection class 3 | Protection class 3+S |
|---|---|---|---|---|
| Participate in a distributed, secure cryptographic key source with your own ‘sovereignty anchor.’ This ensures your independence from individual service providers and guarantees that, in an emergency, you always have access to your data and can at least maintain essential services. | - | - | - | |
| Implement a vendor-independent backup for your data and, if necessary, also for your most important software systems. | - | - | - | |
| Make sure you are not overly dependent on a single software provider. With open-source software, your transfer costs when switching providers are minimal. | - | - | - | |
| Meet the technical and organizational requirements of relevant criteria catalogs (e.g., those of the AUDITOR data protection certification procedure) in accordance with protection class requirements 3. | - | - | ||
| Use Confidential Computing to technically prevent unauthorized access by privileged administrators or criminals impersonating them, and to continuously verify the integrity of computing resources remotely through "Remote Attestation". | - | - | ||
| If possible, secure access to the software you use, e.g. by depositing it with a trustee (escrow). | - | - | ||
| Meet the technical and organizational requirements of relevant criteria catalogs (e.g., those of the AUDITOR data protection certification procedure) in accordance with protection class requirements 2. | - | |||
| Choose service providers that offer transparency and control over audits, certificates, attestations and/or approvals. | - | |||
| Meet the technical and organizational requirements of relevant criteria catalogs (e.g., those of the AUDITOR data protection certification procedure) in accordance with protection class requirements 1 and thus the minimum legal requirements. | ||||
| Choose execution environments protected by Confidential Computing to run more diverse workloads on a single server. This improves the economics of the computing infrastructure by several orders of magnitude. |
The Sovereignty Calculator presented here is based on the data protection requirement classes of the AUDITOR/TCDP certification procedure. In addition to data protection aspects, questions regarding the importance of information technology for the operation of a company or the processes of an organization have also been included. The recommendations provided in accordance with the determined level of protection are likewise oriented toward the AUDITOR/TCDP requirements catalog, which in turn is based on the relevant ISO/IEC standards, while also taking into account the current state of the art, for example with regard to “Confidential Computing.