IT certificates

for auditable services

ISO 9001

ISO 9001 specifies the requirements for a Quality Management System (QMS) that can be used in a company. Products, services and, in particular, processes of an ISO 9001 certified company must comply with the requirements defined in the standard. Companies that have successfully implemented the ISO 9001: 2015 standard deploy defined processes for the continuous improvement of products and services and have the ability to demonstrate / furnish proof of compliance with the requirements.

ISO/IEC 27001

The international standard ISO/IEC 27001 specifies the requirements for an information security management system taking into account the context of an organization. The requirements of the standard include installation, implementation, operation, maintenance and continuous improvement.

noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 27001 by DQS (German Association for the Certification of Management Systems) since 2007 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.

The scope covers all business areas of noris network AG: “solutions, products and services in the areas of IT outsourcing, cloud services, managed services, network and security and data center infrastructures and operations”.

The Statement of Applicability (SoA) comprises all recommended measures as specified in the standard (“A.5” – “A.18”).

DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.

ISO 27001 certificate based on IT baseline protection strategy

Along with the IT baseline protection catalogs and their recommendations on standard security measures the IT baseline protection methodology is now a de-facto standard for IT security.

Based on ISO/IEC 27001, ISO 27001 certificate based on IT baseline protection strategy not only indicates whether IT security is implemented and improved according to plan, but also what level of IT security has already been achieved and how the concrete technical implementation will take place. This level of IT security is checked and confirmed by an auditor accredited by the German Federal Office for Information Security (BSI).

Since May 2014, the Nürnberg Zentrum and Nürnberg Süd data centers — and, as from 2017, also the new München Ost data center — are certified in terms of the “provision and operation of data centers and their infrastructure and operational services” by the Federal Office for Security in Information Technology (BSI).

In the BSI-IGZ-0413-2020 certificate the information pool “Provision and maintenance of data centers and their infrastructure as well as operations services” is considered to have “high” protection needs.

The certification comprises all processes and systems that are involved in the operation of housing / colocation services in noris network’s own data centers. This includes the operation of the data centers and the surrounding units, such as air conditioning systems, UPS and (emergency) power systems, access control systems and camera monitoring. The related “Housing” division is operated by noris network itself.

noris network is fully responsible for the respective services with its own staff at the sites. All critical services are operated by the company itself. In the event that external housing services (for example, maintenance of air-conditioning systems) are purchased, the corresponding service providers are monitored with appropriate specifications within the framework of their own process responsibility, in order to ensure secure and highly available data center operations at all times.

All relevant data center services are mapped in accordance with ISO 27001 (IT baseline protection), ISO / IEC 27001, and ISO / IEC 20000-1.

ITIL^®

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is based on the security programs Visa Account Information Security (AIS) and MasterCard Site Data Protection (SDP).

This is the worldwide standard for the safety of card data. The PCI DSS security guidelines are effective in preventing misuse and theft. Housing services for customers in Noris data centers are PCI DSS certified.

ISO 14001

The certification according to the international standard ISO 14001 is proof of compliance with globally recognized requirements for an environmental management system. This green symbol is a visible sign for responsible use of natural resources. More efficient consumption of energy and raw materials, waste minimisation and selective risk avoidance – all this is part of the environmental management system according to ISO 14001.

Since the end of 2017, the office and data center locations of noris in Nuremberg have been certified according to ISO 14001 and are thus positioned as a sustainable company with goals of continuously improving environmental performance. At the same time, the company has established its own environmental management system and introduced an internal environmental policy.

EN 50600

As the first certification, EN 50600 integrates all aspects of a data center’s certification processes, including operations, management and key performance indicators. As a result, it creates international comparability.

The data center MUC5 from noris has been certified by DQS according to EN 50600 with the highest categories of the corresponding availability classes, i. e. VK4 (availability class 4 of 4), SK4 (protection class 4 of 4) and EK3 (energy efficiency class 3 of 3). noris network has fully implemented the requirements of EN 50600 with regard to general concepts, building design, power supply, regulation of environmental conditions, telecommunications cabling infrastructure and security system, i. e. the security requirements.

VdS 3406

Security is a basic prerequisite for successful business activities and should accordingly be the result of planned strategic action. This requires the recognition of imminent dangers and coordinated measures to counteract them as planned. The new guidelines VdS 3406 “Safety Management for Structural Objects” form the systematic framework for all these individual aspects. They help to document to third parties that integrated management, systematic balance sheet protection and certified risk provisioning are actively practised values.

noris has had its security management system certified according to the VdS 3406 guideline as the very first data center operator and second company at all. This guideline supplements and specifies the requirements with regard to corporate security from further norms and standards that are already in force at noris.

TISAX

TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies.

The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting.

Detailed information on TISAX can be found at http://www.enx.com/tisax/.

Scope ID: SKMCWZ
Assessment ID: ATYHG8-1

The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults

TISAX and the test results obtained are not intended for the general public.
TISAX is a registered trademark and is subject to the ENX Association.

Cloud Vendor Assessment

The Cloud Vendor Assessment Service of the German Cyber Security Organization (DCSO) assesses the security level of cloud service providers. The topics examined range from security management and data protection to the security architecture of cloud services.

Companies that want to use cloud solutions are often concerned about the security of their data. This is where DCSO’s Cloud Vendor Assessment Service comes in, independently and objectively assessing the security level of cloud service providers.

Using a maturity-based assessment framework, the security level of the evaluated and comprehensible results are made available.

Detailed information on CVA can be found at: https://dcso.de/services/cloud-vendor-assessment/

German Data Center Award 2016

For its new München Ost data center located in Munich / Aschheim, noris network won the first place in the category “Newly built energy- and resource-efficient data centers” at the German Data Center Awards.

German Data Center Award 2012

The Wagner Group was granted the German Data Center Award 2012 for the fire protection concept implemented in the Nürnberg Süd data center, which features active fire prevention at open cooling in the category focusing on data center safety.

DHL-Supplier Awards 2017

Due to the implemented savings, noris network was awarded in May 2017 for the project „E-Post Platform“ by the German Post DHL Group in the category Total Cost of Ownership (TCO).

Bavarian Founder’s Award 2019

noris network was honoured with the Bavarian Founder’s Prize 2019 and came out on top in the category “up-and-coming”. In this category, the expert jury honored companies that have already established themselves in the market, have shown extraordinary sales growth since their foundation and thus show potential for market leadership. Initiated by the savings banks, the magazine stern, the Porsche company and ZDF, the Founder’s Award is one of the most important awards for companies in Bavaria.

Service Provider Award 2020

noris network won platinum at the Service Provider Awards 2020 in the category Colocation / Data Center XXL.