IT certificates

for auditable services

ISO 9001

ISO 9001 specifies the requirements for a Quality Management System (QMS) that can be used in a company. Products, services and, in particular, processes of an ISO 9001 certified company must comply with the requirements defined in the standard. Companies that have successfully implemented the ISO 9001: 2015 standard deploy defined processes for the continuous improvement of products and services and have the ability to demonstrate / furnish proof of compliance with the requirements.

ISO/IEC 27001

The international standard ISO/IEC 27001 specifies the requirements for an information security management system taking into account the context of an organization. The requirements of the standard include installation, implementation, operation, maintenance and continuous improvement.

noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 27001 by DQS (German Association for the Certification of Management Systems) since 2007 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.

The scope covers all business areas of noris network AG: “solutions, products and services in the areas of IT outsourcing, cloud services, managed services, network and security and data center infrastructures and operations”.

The Statement of Applicability (SoA) comprises all recommended measures as specified in the standard (“A.5” – “A.18”).

DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.

ISO 27001 certificate based on IT baseline protection strategy

Along with the IT baseline protection catalogs and their recommendations on standard security measures the IT baseline protection methodology is now a de-facto standard for IT security.

Based on ISO/IEC 27001, ISO 27001 certificate based on IT baseline protection strategy not only indicates whether IT security is implemented and improved according to plan, but also what level of IT security has already been achieved and how the concrete technical implementation will take place. This level of IT security is checked and confirmed by an auditor accredited by the German Federal Office for Information Security (BSI).

Since May 2014, the Nürnberg Zentrum and Nürnberg Süd data centers — and, as from 2017, also the new München Ost data center — are certified in terms of the “provision and operation of data centers and their infrastructure and operational services” by the Federal Office for Security in Information Technology (BSI).

In the BSI-IGZ-0280-2017 certificate the information pool “Provision and maintenance of data centers and their infrastructure as well as operations services” is considered to have “high” protection needs.

The certification comprises all processes and systems that are involved in the operation of housing / colocation services in noris network’s own data centers. This includes the operation of the data centers and the surrounding units, such as air conditioning systems, UPS and (emergency) power systems, access control systems and camera monitoring. The related “Housing” division is operated by noris network itself.

noris network is fully responsible for the respective services with its own staff at the sites. All critical services are operated by the company itself. In the event that external housing services (for example, maintenance of air-conditioning systems) are purchased, the corresponding service providers are monitored with appropriate specifications within the framework of their own process responsibility, in order to ensure secure and highly available data center operations at all times.

All relevant data center services are mapped in accordance with ISO 27001 (IT baseline protection), ISO / IEC 27001, and ISO / IEC 20000-1.

ITIL^®

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

Linux Professional Institute Certification (LPIC)

The Linux Professional Institute (LPI) is considered to be the world’s leading professional certification program of the Linux community. We have our staff regularly qualified by participating in LPI and LPIC programs at different levels.

Kubernetes Certified Service Provider (KCSP)

The KCSP program certifies service providers who have extensive experience and support companies in successfully deploying Kubernetes. The KCSP partners offer support, consulting, professional services and training in terms of Kubernetes for companies starting their Kubernetes journey.

Microsoft Gold Certified Partner

Based on the very extensive training and certification program for our staff we have become a Gold Certified Partner to Microsoft. This demonstrates our expertise in the operation of Microsoft solutions and ensures high quality consultation services for our customers.

Oracle

As an Oracle Gold Partner with extensive special certifications for Oracle databases, Oracle hardware and Oracle middleware, we offer qualified and comprehensive support for your Oracle solutions. From procurement of licenses to design, operation and optimization of your databases: you get everything from a single source.

Have your dedicated Oracle setup managed by our dedicated Orace DBA (Database Administrator) team and experience the availability and performance that your business deserves!

Dell-EMC-Platinum-Partner

As one of 52 Dell EMC Platinum Partners in 2019, we can rely on an intensive partnership and pass on benefits such as discounts to our customers. Achieving the highly demanding requirements of this award demonstrates our expe Achieving the highly demanding requirements of this award demonstrates our expertise and many years of experience as a cloud service provider in partnership with Dell EMC.

In addition to the financial opportunities this offers for us and thus for our customers, we also have access to numerous seminars to further strengthen the knowledge of our employees in this area.

With us as a “Cloud Service Provider” you are well positioned in terms of quality and can rely on verifiable know-how. This award represents Dell EMC’s commitment to us as your reliable partner – benefit from it too!

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is based on the security programs Visa Account Information Security (AIS) and MasterCard Site Data Protection (SDP).

This is the worldwide standard for the safety of card data. The PCI DSS security guidelines are effective in preventing misuse and theft. Housing services for customers in Noris data centers are PCI DSS certified.

ISO 14001

The certification according to the international standard ISO 14001 is proof of compliance with globally recognized requirements for an environmental management system. This green symbol is a visible sign for responsible use of natural resources. More efficient consumption of energy and raw materials, waste minimisation and selective risk avoidance – all this is part of the environmental management system according to ISO 14001.

Since the end of 2017, the office and data center locations of noris in Nuremberg have been certified according to ISO 14001 and are thus positioned as a sustainable company with goals of continuously improving environmental performance. At the same time, the company has established its own environmental management system and introduced an internal environmental policy.

EN 50600

As the first certification, EN 50600 integrates all aspects of a data center’s certification processes, including operations, management and key performance indicators. As a result, it creates international comparability.

The data center MUC5 from noris has been certified by DQS according to EN 50600 with the highest categories of the corresponding availability classes, i. e. VK4 (availability class 4 of 4), SK4 (protection class 4 of 4) and EK3 (energy efficiency class 3 of 3). noris network has fully implemented the requirements of EN 50600 with regard to general concepts, building design, power supply, regulation of environmental conditions, telecommunications cabling infrastructure and security system, i. e. the security requirements.

VdS 3406

Security is a basic prerequisite for successful business activities and should accordingly be the result of planned strategic action. This requires the recognition of imminent dangers and coordinated measures to counteract them as planned. The new guidelines VdS 3406 “Safety Management for Structural Objects” form the systematic framework for all these individual aspects. They help to document to third parties that integrated management, systematic balance sheet protection and certified risk provisioning are actively practised values.

noris has had its security management system certified according to the VdS 3406 guideline as the very first data center operator and second company at all. This guideline supplements and specifies the requirements with regard to corporate security from further norms and standards that are already in force at noris.

TISAX

TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies.

The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting.

Detailed information on TISAX can be found at http://www.enx.com/tisax/.

Scope ID: SKMCWZ
Assessment ID: ATYHG8-1

The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults

TISAX and the test results obtained are not intended for the general public.
TISAX is a registered trademark and is subject to the ENX Association.