IT certificates
for auditable services

Your contact person
We not only promise security and quality at the highest level, but we can also prove this with our certificates. In this way, you receive continuous, certified and auditable services – from data center infrastructure, through operation of your servers and databases, to complete IT outsourcing. Following is a selection of our certificates:
Certifications
ISO 20000-1
noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 20000-1 by DQS (German Association for the Certification of Management Systems) since 2013 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.
The scope covers services in all business areas of noris network AG: “outsourcing services, cloud services, managed services, network & security services, provisioning and maintenance of data centers and their infrastructure as well as operations services”. As a result, all processes at noris network AG are geared towards providing the best possible service and meeting the most stringent requirements.
DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.
All staff employed by noris network additionally acquire an ISO 20000 Foundation certificate as personal certification in order to achieve and continuously further develop a consistent understanding and awareness for process flows.
ISO 9001
ISO 9001 specifies the requirements for a Quality Management System (QMS) that can be used in a company. Products, services and, in particular, processes of an ISO 9001 certified company must comply with the requirements defined in the standard. Companies that have successfully implemented the ISO 9001: 2015 standard deploy defined processes for the continuous improvement of products and services and have the ability to demonstrate / furnish proof of compliance with the requirements.
ISO/IEC 27001
The international standard ISO/IEC 27001 specifies the requirements for an information security management system taking into account the context of an organization. The requirements of the standard include installation, implementation, operation, maintenance and continuous improvement.
noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 27001 by DQS (German Association for the Certification of Management Systems) since 2007 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.
The scope covers all business areas of noris network AG: “solutions, products and services in the areas of IT outsourcing, cloud services, managed services, network and security and data center infrastructures and operations”.
The Statement of Applicability (SoA) comprises all recommended measures as specified in the standard (“A.5” – “A.18”).
DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.
ISO 27001 certificate based on IT baseline protection strategy
Along with the IT baseline protection catalogs and their recommendations on standard security measures the IT baseline protection methodology is now a de-facto standard for IT security.
Based on ISO/IEC 27001, ISO 27001 certificate based on IT baseline protection strategy not only indicates whether IT security is implemented and improved according to plan, but also what level of IT security has already been achieved and how the concrete technical implementation will take place. This level of IT security is checked and confirmed by an auditor accredited by the German Federal Office for Information Security (BSI).
Since May 2014, the Nürnberg Zentrum and Nürnberg Süd data centers — and, as from 2017, also the new München Ost data center — are certified in terms of the “provision and operation of data centers and their infrastructure and operational services” by the Federal Office for Security in Information Technology (BSI).
In the BSI-IGZ-0413-2020 certificate the information pool “Provision and maintenance of data centers and their infrastructure as well as operations services” is considered to have “high” protection needs.
The certification comprises all processes and systems that are involved in the operation of housing / colocation services in noris network’s own data centers. This includes the operation of the data centers and the surrounding units, such as air conditioning systems, UPS and (emergency) power systems, access control systems and camera monitoring. The related “Housing” division is operated by noris network itself.
noris network is fully responsible for the respective services with its own staff at the sites. All critical services are operated by the company itself. In the event that external housing services (for example, maintenance of air-conditioning systems) are purchased, the corresponding service providers are monitored with appropriate specifications within the framework of their own process responsibility, in order to ensure secure and highly available data center operations at all times.
All relevant data center services are mapped in accordance with ISO 27001 (IT baseline protection), ISO / IEC 27001, and ISO / IEC 20000-1.
ITIL®
noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.
PCI DSS
Payment Card Industry Data Security Standard (PCI DSS) is based on the security programs Visa Account Information Security (AIS) and MasterCard Site Data Protection (SDP).
This is the worldwide standard for the safety of card data. The PCI DSS security guidelines are effective in preventing misuse and theft. Housing services for customers in Noris data centers are PCI DSS certified.
ISO 14001
The certification according to the international standard ISO 14001 is proof of compliance with globally recognized requirements for an environmental management system. This green symbol is a visible sign for responsible use of natural resources. More efficient consumption of energy and raw materials, waste minimisation and selective risk avoidance – all this is part of the environmental management system according to ISO 14001.
Since the end of 2017, the office and data center locations of noris in Nuremberg have been certified according to ISO 14001 and are thus positioned as a sustainable company with goals of continuously improving environmental performance. At the same time, the company has established its own environmental management system and introduced an internal environmental policy.
EN 50600
As the first certification, EN 50600 integrates all aspects of a data center’s certification processes, including operations, management and key performance indicators. As a result, it creates international comparability.
The data center MUC5 from noris has been certified by DQS according to EN 50600 with the highest categories of the corresponding availability classes, i. e. VK4 (availability class 4 of 4), SK4 (protection class 4 of 4) and EK3 (energy efficiency class 3 of 3). noris network has fully implemented the requirements of EN 50600 with regard to general concepts, building design, power supply, regulation of environmental conditions, telecommunications cabling infrastructure and security system, i. e. the security requirements.
VdS 3406
Security is a basic prerequisite for successful business activities and should accordingly be the result of planned strategic action. This requires the recognition of imminent dangers and coordinated measures to counteract them as planned. The new guidelines VdS 3406 “Safety Management for Structural Objects” form the systematic framework for all these individual aspects. They help to document to third parties that integrated management, systematic balance sheet protection and certified risk provisioning are actively practised values.
noris has had its security management system certified according to the VdS 3406 guideline as the very first data center operator and second company at all. This guideline supplements and specifies the requirements with regard to corporate security from further norms and standards that are already in force at noris.
TISAX
TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies.
The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting.
Detailed information on TISAX can be found at http://www.enx.com/tisax/.
Scope ID: SKMCWZ
Assessment ID: ATYHG8-1
The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults
TISAX and the test results obtained are not intended for the general public.
TISAX is a registered trademark and is subject to the ENX Association.
Cloud Vendor Assessment
The Cloud Vendor Assessment Service of the German Cyber Security Organization (DCSO) assesses the security level of cloud service providers. The topics examined range from security management and data protection to the security architecture of cloud services.
Companies that want to use cloud solutions are often concerned about the security of their data. This is where DCSO’s Cloud Vendor Assessment Service comes in, independently and objectively assessing the security level of cloud service providers.
Using a maturity-based assessment framework, the security level of the evaluated and comprehensible results are made available.
Detailed information on CVA can be found at: https://dcso.de/services/cloud-vendor-assessment/
Declarations of conformity
BaFin
Since 1996, noris network has been gathering experience in bank hosting and demonstrates strong core competencies in the implementation of setups that focus on IT security and simultaneous compliance with business continuity requirements. According to the directives stipulated in MaRisk and KWG, banks / financial institutions are subject to audits and can be audited by BaFin. Such customers enter into contractual agreements on appropriate audit rights with noris network AG, in order to meet the current and future requirements of the supervisory authority at any time. From the BaFin perspective, the respective bank is free to choose the respective audit framework.
Reports

ISAE 3402 Type II Report
noris network has had testified its own ICS by an external auditor and can exhibit this in the form of an ISAE 3402 Type II certificate.
ISAE 3402 is the international standard for the auditing of outsourced processes and thus fulfils all requirements of IDW PS 951 and the requirements for a SOC1 report (according to SAS70, SSAE16 and the successor standard SSAE18).
The advantage for our customers: noris network can provide a certificate for audits that is recognised as auditor-to-auditor communication (auditor to auditor) and thus meets all requirements of the auditors.
Awards
Bavaria’s Best 50
In 2010 and 2015, noris network AG was honored by the Bavarian State Minister for Economic Affairs, Infrastructure, Transport and Technology as one of the best 50 medium-sized companies in Bavaria due to the increase in staff headcount and sales growth achieved over the last few years (with sales growth rates between 25 and 30 percent per year).
German Data Center Award 2016
For its new München Ost data center located in Munich / Aschheim, noris network won the first place in the category “Newly built energy- and resource-efficient data centers” at the German Data Center Awards.
German Data Center Award 2012
The Wagner Group was granted the German Data Center Award 2012 for the fire protection concept implemented in the Nürnberg Süd data center, which features active fire prevention at open cooling in the category focusing on data center safety.
DHL-Supplier Awards 2017
Due to the implemented savings, noris network was awarded in May 2017 for the project „E-Post Platform“ by the German Post DHL Group in the category Total Cost of Ownership (TCO).
Bavarian Founder’s Award 2019
noris network was honoured with the Bavarian Founder’s Prize 2019 and came out on top in the category “up-and-coming”. In this category, the expert jury honored companies that have already established themselves in the market, have shown extraordinary sales growth since their foundation and thus show potential for market leadership. Initiated by the savings banks, the magazine stern, the Porsche company and ZDF, the Founder’s Award is one of the most important awards for companies in Bavaria.
Service Provider Award 2020
noris network won platinum at the Service Provider Awards 2020 in the category Colocation / Data Center XXL.
Technologies
Linux Professional Institute Certification (LPIC)
The Linux Professional Institute (LPI) is considered to be the world’s leading professional certification program of the Linux community. We have our staff regularly qualified by participating in LPI and LPIC programs at different levels.
Kubernetes Certified Service Provider (KCSP)
The KCSP program certifies service providers who have extensive experience and support companies in successfully deploying Kubernetes. The KCSP partners offer support, consulting, professional services and training in terms of Kubernetes for companies starting their Kubernetes journey.
Microsoft Gold Certified Partner
Based on the very extensive training and certification program for our staff we have become a Gold Certified Partner to Microsoft. This demonstrates our expertise in the operation of Microsoft solutions and ensures high quality consultation services for our customers.
Oracle
As an Oracle Gold Partner with extensive special certifications for Oracle databases, Oracle hardware and Oracle middleware, we offer qualified and comprehensive support for your Oracle solutions. From procurement of licenses to design, operation and optimization of your databases: you get everything from a single source.
Have your dedicated Oracle setup managed by our dedicated Orace DBA (Database Administrator) team and experience the availability and performance that your business deserves!
Dell-EMC-Gold-Partner
As one of 52 Dell EMC Gold Partners in 2019, we can rely on an intensive partnership and pass on benefits such as discounts to our customers. Achieving the highly demanding requirements of this award demonstrates our expe Achieving the highly demanding requirements of this award demonstrates our expertise and many years of experience as a cloud service provider in partnership with Dell EMC.
In addition to the financial opportunities this offers for us and thus for our customers, we also have access to numerous seminars to further strengthen the knowledge of our employees in this area.
With us as a “Cloud Service Provider” you are well positioned in terms of quality and can rely on verifiable know-how. This award represents Dell EMC’s commitment to us as your reliable partner – benefit from it too!
SUSE partner
As a SUSE partner, we have the opportunity to participate in free training courses for the entire SUSE product range and the use of SUSE products, for example, so that we can pass on the resulting know-how to our customers.
This post is also available in: German