Meet the technical and organizational requirements of relevant criteria catalogs (e.g., those of the AUDITOR data protection certification procedure) in accordance with protection class requirements 1 and thus the minimum legal requirements
|
| Choose service providers that offer transparency and control over audits, certificates, attestations and/or approvals. |
| Meet the technical and organizational requirements of relevant criteria catalogs (e.g., those of the AUDITOR data protection certification procedure) in accordance with protection class requirements 2. |
| This protection class includes all measures of Protection Class 1. |
Meet the technical and organizational requirements of relevant criteria catalogs (e.g., those of the AUDITOR data protection certification procedure) in accordance with protection class requirements 3
Use Confidential Computing to technically prevent unauthorized access by privileged administrators or criminals impersonating them, and to continuously verify the integrity of computing resources remotely through "Remote Attestation".
| If possible, secure access to the software you use, e.g. by depositing it with a trustee (escrow). |
This protection class includes all measures of Protection Classes 1 and 2.
Participate in a distributed, secure cryptographic key source with your own ‘sovereignty anchor.’ This ensures your independence from individual service providers and guarantees that, in an emergency, you always have access to your data and can at least maintain essential services.
Implement a vendor-independent backup for your data and, if necessary, also for your most important software systems.
Make sure you are not overly dependent on a single software provider. With open-source software, your transfer costs when switching providers are minimal.
This protection class includes all measures of Protection Classes 1 to 3