T-Systems operates data networks and processes data on behalf of its customers worldwide in its own data centers, giving absolute top priority to data protection and data security. The ICT provider therefore has its services audited regularly by independent institutes. Furthermore, the provider has its compliance with global standards accredited, for instance through the respective certifications.
As an internationally established standard, ISO 9001 outlines the minimum requirements for a quality management system that an organization must fulfill in order to provide products and services that meet both customer expectations and legal requirements.
As an international standard, ISO/IEC 27001 defines requirements for the rollout, implementation, monitoring, and optimization of information security management systems (ISMS).
The ISO/IEC 27701 standard specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management.
The internationally valid ISO standard 22301 provides the framework for holistic business continuity management in the company in order to minimize potential damage in the event of a disruption.
ISO/IEC 20000-1 specifies requirements for service providers for the enhanced planning, rollout, implementation, operation, monitoring, review, maintenance, and improvement of their service management system (SMS).
This certification is proof of a cost-effective and efficient environmental management system. ISO 14001 identifies weaknesses in the environmental management system, thus laying the foundation for a continuous improvement process.
The emphasis of the ISO 45001 standard is on the protection of people, their occupational safety, and health care. Preventive measures must be implemented to avoid accidents and illnesses.
ISO/IEC 27017 provides guidance on the information security aspects of cloud computing. The standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
This standard provides controls and implementation guidance for both cloud service providers and cloud service customers to help make cloud services as safe and secure as the rest of the data included in a certified information management system.
ISO/IEC 27018 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services. The standard provides guidance aimed at ensuring that cloud service providers offer suitable information security controls to protect the privacy of their customers’ clients by securing PII (Personally Identifiable Information) entrusted to them.
With the TCDP 1.0 certificate, T-Systems is the first IT service provider to receive a legally compliant data protection certification for defined cloud services. A certificate based on the Trusted Cloud Data Protection Profile (TCDP) makes it much easier for companies to fulfill the control obligations for commissioned data processing. The TCDP formulates objective criteria that can be used to compare the security level of different cloud services. These criteria are grouped into clear protection classes. Selecting a service with the TCDP certificate fulfills the control obligations according to the German Federal Data Protection Act. TCDP is based on ISO 27001 and ISO 27018.
Advantages for our customers:
See the official listing at TCDP (German)