IT certificates

for auditable services

ISO/IEC 27001

The international standard ISO/IEC 27001 specifies the requirements for an information security management system taking into account the context of an organization. The requirements of the standard include installation, implementation, operation, maintenance and continuous improvement.

noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 27001 by DQS (German Association for the Certification of Management Systems) since 2007 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.

The scope covers all business areas of noris network AG: “solutions, products and services in the areas of IT outsourcing, cloud services, managed services, network and security and data center infrastructures and operations”.

The Statement of Applicability (SoA) comprises all recommended measures as specified in the standard (“A.5” – “A.18”).

DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.

ISO 27001 certificate based on IT baseline protection strategy

Along with the IT baseline protection catalogs and their recommendations on standard security measures the IT baseline protection methodology is now a de-facto standard for IT security.

Based on ISO/IEC 27001, ISO 27001 certificate based on IT baseline protection strategy not only indicates whether IT security is implemented and improved according to plan, but also what level of IT security has already been achieved and how the concrete technical implementation will take place. This level of IT security is checked and confirmed by an auditor accredited by the German Federal Office for Information Security (BSI).

Since May 2014, the Nürnberg Zentrum and Nürnberg Süd data centers — and, as from 2017, also the new München Ost data center — are certified in terms of the “provision and operation of data centers and their infrastructure and operational services” by the Federal Office for Security in Information Technology (BSI).

In the BSI-IGZ-0413-2020 certificate the information pool “Provision and maintenance of data centers and their infrastructure as well as operations services” is considered to have “high” protection needs.

The certification comprises all processes and systems that are involved in the operation of housing / colocation services in noris network’s own data centers. This includes the operation of the data centers and the surrounding units, such as air conditioning systems, UPS and (emergency) power systems, access control systems and camera monitoring. The related “Housing” division is operated by noris network itself.

noris network is fully responsible for the respective services with its own staff at the sites. All critical services are operated by the company itself. In the event that external housing services (for example, maintenance of air-conditioning systems) are purchased, the corresponding service providers are monitored with appropriate specifications within the framework of their own process responsibility, in order to ensure secure and highly available data center operations at all times.

All relevant data center services are mapped in accordance with ISO 27001 (IT baseline protection), ISO / IEC 27001, and ISO / IEC 20000-1.

ISO 9001

ISO 9001 specifies the requirements for a Quality Management System (QMS) that can be used in a company. Products, services and, in particular, processes of an ISO 9001 certified company must comply with the requirements defined in the standard. Companies that have successfully implemented the ISO 9001: 2015 standard deploy defined processes for the continuous improvement of products and services and have the ability to demonstrate / furnish proof of compliance with the requirements.

ISO 14001

The certification according to the international standard ISO 14001 is proof of compliance with globally recognized requirements for an environmental management system. This green symbol is a visible sign for responsible use of natural resources. More efficient consumption of energy and raw materials, waste minimisation and selective risk avoidance – all this is part of the environmental management system according to ISO 14001.

noris’ office and data center locations in Nuremberg and the Munich East data center are certified in accordance with ISO 14001 and are thus positioned as a sustainable company with goals of continuously improving environmental performance. At the same time, the company has established its own environmental management system and introduced an internal environmental policy.

ISO 50001

The international ISO 50001 standard sets out requirements for companies to introduce, implement and improve an energy management system. With this management system, we transparently present how we manage our energy balance, what contribution we make to sustainable CO2 footprint minimization and how we best manage our energy costs by using energy very efficiently.
To make our energy efficiency management measures transparent, we have defined an organization-wide energy policy, set ourselves energy targets, and measure target achievement using key performance indicators. In addition, action plans ensure continuous improvement.

EN 50600

As the first certification, EN 50600 integrates all aspects of a data center’s certification processes, including operations, management and key performance indicators. As a result, it creates international comparability.

The data center MUC5 from noris has been certified by DQS according to EN 50600 with the highest categories of the corresponding availability classes, i. e. VK4 (availability class 4 of 4), SK4 (protection class 4 of 4) and EK3 (energy efficiency class 3 of 3). noris network has fully implemented the requirements of EN 50600 with regard to general concepts, building design, power supply, regulation of environmental conditions, telecommunications cabling infrastructure and security system, i. e. the security requirements.

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is based on the security programs Visa Account Information Security (AIS) and MasterCard Site Data Protection (SDP).

This is the worldwide standard for the safety of card data. The PCI DSS security guidelines are effective in preventing misuse and theft. Housing services for customers in Noris data centers are PCI DSS certified.

VdS 3406

Security is a basic prerequisite for successful business activities and should accordingly be the result of planned strategic action. This requires the recognition of imminent dangers and coordinated measures to counteract them as planned. The new guidelines VdS 3406 “Safety Management for Structural Objects” form the systematic framework for all these individual aspects. They help to document to third parties that integrated management, systematic balance sheet protection and certified risk provisioning are actively practised values.

noris has had its security management system certified according to the VdS 3406 guideline as the very first data center operator and second company at all. This guideline supplements and specifies the requirements with regard to corporate security from further norms and standards that are already in force at noris.

TISAX

TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies.

The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting.

Detailed information on TISAX can be found at http://www.enx.com/tisax/.

Scope ID: SKMCWZ
Assessment ID: ATYHG8-1

The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults

TISAX and the test results obtained are not intended for the general public.
TISAX is a registered trademark and is subject to the ENX Association.

ITIL^®

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

TÜViT TSI Level 4

As one of only a few data centers worldwide, construction phase 2 of the data center Nürnberg Süd is certified according to the TSI.STANDARD of TÜViT in Level 4! This quality level of the TSI.STANDARD stands for very high security requirements and maximum availability.

Detailed information about TÜViT can be found at: TÜViT (TÜV NORD GROUP)

Certificate TÜViT TSI Level 4 (PDF)

KRITIS

Definition by the German government: Critical infrastructures are organizations or facilities of major importance for the state community, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences.

Since 2020, noris network AG with its data centers has officially been part of the KRITIS.

Certificate KRITIS (PDF)