IT certificates

for auditable services

Your contact person

Joachim Astel
Chief Regulatory Officer (CRO)
T: +49 911 9352-0
Send e-mail

We not only promise security and quality at the highest level, but we can also prove this with our certificates. In this way, you receive continuous, certified and auditable services – from data center infrastructure, through operation of your servers and databases, to complete IT outsourcing.

Certification brochure

Download our certification brochure: This will give you a compact overview of our certifications, as they are the benchmark of objective criteria for industry-specific specifications and governance standards.

Whitepaper certification

Read our whitepaper about certification: It describes, among other things, what certification means and how you can benefit from it as a company.

Certifications

ISO/IEC 20000-1

ISO 20000-1

noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 20000-1 by DQS (German Association for the Certification of Management Systems) since 2013 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.

The scope covers services in all business areas of noris network AG: “outsourcing services, cloud services, managed services, network & security services, provisioning and maintenance of data centers and their infrastructure as well as operations services”. As a result, all processes at noris network AG are geared towards providing the best possible service and meeting the most stringent requirements.

DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.

All staff employed by noris network additionally acquire an ISO 20000 Foundation certificate as personal certification in order to achieve and continuously further develop a consistent understanding and awareness for process flows.

BSI baseline protection

1

ISO 27001 certificate based on IT baseline protection strategy (DAkks | IQNet)

Based on ISO/IEC 27001, ISO 27001 certificate based on IT baseline protection strategy not only indicates whether IT security is implemented and improved according to plan, but also what level of IT security has already been achieved and how the concrete technical implementation will take place. This level of IT security is checked and confirmed by an auditor accredited by the German Federal Office for Information Security (BSI).

Did the surveillance audits for the ISO 27001 certificate based on IT baseline protection strategy take place this year?
Our surveillance audits take place annually in the spring. A new certificate is only issued by BSI, if certificate-relevant information has changed. 


ISO 20000-1

1

ISO 20000-1 (DAkkS | IQNET)

The scope covers services in all business areas of noris network AG. As a result, all processes at noris network AG are geared towards providing the best possible service and meeting the most stringent requirements. DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.


ISO/IEC 27001

1

ISO/IEC 27001 (DAkks | IQNet)

The international standard ISO/IEC 27001 specifies the requirements for an information security management system taking into account the context of an organization. The requirements of the standard include installation, implementation, operation, maintenance and continuous improvement.


ISO 9001

1

ISO 9001 (DAkkS | IQNET)

ISO 9001 specifies the requirements for a Quality Management System (QMS) that can be used in a company. Companies that have successfully implemented the ISO 9001: 2015 standard deploy defined processes for the continuous improvement of products and services and have the ability to demonstrate / furnish proof of compliance with the requirements.


EN 50600

1

EN 50600

As the first certification, EN 50600 integrates all aspects of a data center’s certification processes, including operations, management and key performance indicators. As a result, it creates international comparability.


PCI DSS

1

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is based on the security programs Visa Account Information Security (AIS) and MasterCard Site Data Protection (SDP). This is the worldwide standard for the safety of card data. The PCI DSS security guidelines are effective in preventing misuse and theft. Housing services for customers in Noris data centers are PCI DSS certified.


ISO 14001

1

ISO 14001 – Environmental management

The certification according to the international standard ISO 14001 is proof of compliance with globally recognized requirements for an environmental management system. This green symbol is a visible sign for responsible use of natural resources. More efficient consumption of energy and raw materials, waste minimisation and selective risk avoidance – all this is part of the environmental management system according to ISO 14001.


ISO 50001

1

ISO 50001 – Energy management

The international ISO 50001 standard sets out requirements for companies to introduce, implement and improve an energy management system. With this management system, we transparently present how we manage our energy balance, what contribution we make to sustainable CO2 footprint minimization and how we best manage our energy costs by using energy very efficiently.


KRITIS

1

KRITIS

Definition by the German government: Critical infrastructures are organizations or facilities of major importance for the state community, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences.

Since 2020, noris network AG with its data centers has officially been part of the KRITIS.


VdS 3406

1

VdS 3406 – security management

Sicherheit ist eine Grundvoraussetzung für erfolgreiche unternehmerische Aktivitäten und sollte dementsprechend das Ergebnis geplanten strategischen Handelns sein.  Diese erfordert das Erkennen drohender Gefahren sowie koordinierte Maßnahmen, um ihnen planmäßig zu begegnen. Die neuen Richtlinien VdS 3406 „Sicherheitsmanagement für bauliche Objekte“ bilden die systematische Klammer über alle diese Einzelaspekte. 


ISO 14001

1

TÜViT TSI Level 4

As one of only a few data centers worldwide, construction phase 2 of the data center Nürnberg Süd is certified according to the TSI.STANDARD of TÜViT in Level 4! This quality level of the TSI.STANDARD stands for very high security requirements and maximum availability.


ISO 14001

1

TISAX

TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies. The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting.

Detailed information on TISAX can be found at http://www.enx.com/tisax/.

Scope ID: SLVCP2
Assessment ID: A1M58F-1

The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults


ITIL

1
1

ITIL®

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

Declarations of conformity

ITIL

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

TISAX (Automotive)

TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies. TISAX and the test results obtained are not intended for the general public. TISAX is a registered trademark and is subject to the ENX Association.

The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting. Detailed information on TISAX can be found at http://www.enx.com/tisax/.

  • Scope ID: SLVCP2
  • Assessment ID: A1M58F-1

The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults

BaFin

Since 1996, noris network has been gathering experience in bank hosting and demonstrates strong core competencies in the implementation of setups that focus on IT security and simultaneous compliance with business continuity requirements. According to the directives stipulated in MaRisk and KWG, banks / financial institutions are subject to audits and can be audited by BaFin. Such customers enter into contractual agreements on appropriate audit rights with noris network AG, in order to meet the current and future requirements of the supervisory authority at any time. From the BaFin perspective, the respective bank is free to choose the respective audit framework.

Reports

ISAE 3402 Type I & Type II Report

ISAE 3402 Type II Report

noris network has had testified its own ICS by an external auditor and can exhibit this in the form of an ISAE 3402 Type II certificate.
ISAE 3402 is the international standard for the auditing of outsourced processes and thus fulfils all requirements of IDW PS 951 and the requirements for a SOC1 report (according to SAS70, SSAE16 and the successor standard SSAE18).
The advantage for our customers: noris network can provide a certificate for audits that is recognised as auditor-to-auditor communication (auditor to auditor) and thus meets all requirements of the auditors.

Awards

Bavaria's Best 50

Bavaria’s Best 50

In 2010 and 2015, noris network AG was honored by the Bavarian State Minister for Economic Affairs, Infrastructure, Transport and Technology as one of the best 50 medium-sized companies in Bavaria due to the increase in staff headcount and sales growth achieved over the last few years (with sales growth rates between 25 and 30 percent per year).

Technologies

Linux Professional Institute Certification (LPIC)

Linux Professional Institute Certification (LPIC)

The Linux Professional Institute (LPI) is considered to be the world’s leading professional certification program of the Linux community. We have our staff regularly qualified by participating in LPI and LPIC programs at different levels.

This post is also available in: German