C5 (Cloud Computing Compliance Controls Catalog)

This topic describes how Snowflake supports customers with C5 compliance requirements.

Understanding C5 compliance requirements

The Cloud Computing Compliance Controls Catalog (C5) is an audited standard establishing mandatory baselines for cloud security. The framework was created by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI). C5 was initially created for government agencies and organizations that work with the government to ensure that security baselines are met by their cloud service providers (CSPs). The private sector has also adopted this framework for evaluation of the security of their CSPs. The framework is based on ISO 27001, CSA, and BSI’s IT-Grundshutz catalogs. The certification can be obtained for either the Basic requirements or Basic + Additional Criteria. Snowflake’s C5 scope currently includes the Basic requirements.