IT certificates
for auditable services

csm_management_vorstand_joachim_astel_small_09_5726126e62

Your contact person

Joachim Astel
Chief Regulatory Officer (CRO)
T: +49 911 9352-0
Send e-mail

Overview Certifications Declarations of conformity Reports Awards Technologies

We not only promise security and quality at the highest level, but we can also prove this with our certificates. In this way, you receive continuous, certified and auditable services – from data center infrastructure, through operation of your servers and databases, to complete IT outsourcing.

Certification brochure

Download our certification brochure: This will give you a compact overview of our certifications, as they are the benchmark of objective criteria for industry-specific specifications and governance standards.

Certification brochure

Whitepaper certification

Read our whitepaper about certification: It describes, among other things, what certification means and how you can benefit from it as a company.

Whitepaper certification

Certifications

ISO 20000-1

ISO 20000-1

noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 20000-1 by DQS (German Association for the Certification of Management Systems) since 2013 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.

The scope covers services in all business areas of noris network AG: “outsourcing services, cloud services, managed services, network & security services, provisioning and maintenance of data centers and their infrastructure as well as operations services”. As a result, all processes at noris network AG are geared towards providing the best possible service and meeting the most stringent requirements.

DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.

All staff employed by noris network additionally acquire an ISO 20000 Foundation certificate as personal certification in order to achieve and continuously further develop a consistent understanding and awareness for process flows.

Certificate ISO 20000-1 DAkkS (PDF)

Certificate ISO 20000-1 IQ-Net (PDF)

ISO/IEC 27001

The international standard ISO/IEC 27001 specifies the requirements for an information security management system taking into account the context of an organization. The requirements of the standard include installation, implementation, operation, maintenance and continuous improvement.

noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 27001 by DQS (German Association for the Certification of Management Systems) since 2007 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.

The scope covers all business areas of noris network AG: “solutions, products and services in the areas of IT outsourcing, cloud services, managed services, network and security and data center infrastructures and operations”.

The Statement of Applicability (SoA) comprises all recommended measures as specified in the standard (“A.5” – “A.18”).

DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.

Certificate ISO/IEC 27001 DAkks (PDF)

Certificate ISO/IEC 27001 IQNet (PDF)

ISO 27001 certificate based on IT baseline protection strategy

ISO 27001 certificate based on IT baseline protection strategy

Along with the IT baseline protection catalogs and their recommendations on standard security measures the IT baseline protection methodology is now a de-facto standard for IT security.

Based on ISO/IEC 27001, ISO 27001 certificate based on IT baseline protection strategy not only indicates whether IT security is implemented and improved according to plan, but also what level of IT security has already been achieved and how the concrete technical implementation will take place. This level of IT security is checked and confirmed by an auditor accredited by the German Federal Office for Information Security (BSI).

Since May 2014, the Nürnberg Zentrum and Nürnberg Süd data centers — and, as from 2017, also the new München Ost data center — are certified in terms of the “provision and operation of data centers and their infrastructure and operational services” by the Federal Office for Security in Information Technology (BSI).

In the BSI-IGZ-0413-2020 certificate the information pool “Provision and maintenance of data centers and their infrastructure as well as operations services” is considered to have “high” protection needs.

The certification comprises all processes and systems that are involved in the operation of housing / colocation services in noris network’s own data centers. This includes the operation of the data centers and the surrounding units, such as air conditioning systems, UPS and (emergency) power systems, access control systems and camera monitoring. The related “Housing” division is operated by noris network itself.

noris network is fully responsible for the respective services with its own staff at the sites. All critical services are operated by the company itself. In the event that external housing services (for example, maintenance of air-conditioning systems) are purchased, the corresponding service providers are monitored with appropriate specifications within the framework of their own process responsibility, in order to ensure secure and highly available data center operations at all times.

All relevant data center services are mapped in accordance with ISO 27001 (IT baseline protection), ISO / IEC 27001, and ISO / IEC 20000-1.

Did the surveillance audits for the ISO 27001 certificate based on IT baseline protection strategy take place this year?
Our surveillance audits take place annually in the spring. A new certificate is only issued by BSI, if certificate-relevant information has changed. On the BSI website you will find an overview of valid and public ISO 27001 certificates based on IT baseline protection strategy sorted by validity date.

Certificate ISO 27001-Certificate on the basis of IT basic protection (PDF)

ISO 9001

ISO 9001

ISO 9001 specifies the requirements for a Quality Management System (QMS) that can be used in a company. Products, services and, in particular, processes of an ISO 9001 certified company must comply with the requirements defined in the standard. Companies that have successfully implemented the ISO 9001: 2015 standard deploy defined processes for the continuous improvement of products and services and have the ability to demonstrate / furnish proof of compliance with the requirements.

Certificate ISO 9001 DAkkS (PDF)

Certificate ISO 9001 IQNet (PDF)

ISO 14001

ISO 14001

The certification according to the international standard ISO 14001 is proof of compliance with globally recognized requirements for an environmental management system. This green symbol is a visible sign for responsible use of natural resources. More efficient consumption of energy and raw materials, waste minimisation and selective risk avoidance – all this is part of the environmental management system according to ISO 14001.

noris’ office and data center locations in Nuremberg and the Munich East data center are certified in accordance with ISO 14001 and are thus positioned as a sustainable company with goals of continuously improving environmental performance. At the same time, the company has established its own environmental management system and introduced an internal environmental policy.

Certificate ISO 14001 (PDF)

ISO 50001

ISO 50001

The international ISO 50001 standard sets out requirements for companies to introduce, implement and improve an energy management system. With this management system, we transparently present how we manage our energy balance, what contribution we make to sustainable CO2 footprint minimization and how we best manage our energy costs by using energy very efficiently.
To make our energy efficiency management measures transparent, we have defined an organization-wide energy policy, set ourselves energy targets, and measure target achievement using key performance indicators. In addition, action plans ensure continuous improvement.

Certificate ISO 50001 (PDF)

EN 50600

EN 50600

As the first certification, EN 50600 integrates all aspects of a data center’s certification processes, including operations, management and key performance indicators. As a result, it creates international comparability.

The data center MUC5 from noris has been certified by DQS according to EN 50600 with the highest categories of the corresponding availability classes, i. e. VK4 (availability class 4 of 4), SK4 (protection class 4 of 4) and EK3 (energy efficiency class 3 of 3). noris network has fully implemented the requirements of EN 50600 with regard to general concepts, building design, power supply, regulation of environmental conditions, telecommunications cabling infrastructure and security system, i. e. the security requirements.

Certificate EN 50600 (PDF)

PCI DSS

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is based on the security programs Visa Account Information Security (AIS) and MasterCard Site Data Protection (SDP).

This is the worldwide standard for the safety of card data. The PCI DSS security guidelines are effective in preventing misuse and theft. Housing services for customers in Noris data centers are PCI DSS certified.

Certificate PCI DSS (PDF)

VdS 3406

VdS 3406

Security is a basic prerequisite for successful business activities and should accordingly be the result of planned strategic action. This requires the recognition of imminent dangers and coordinated measures to counteract them as planned. The new guidelines VdS 3406 “Safety Management for Structural Objects” form the systematic framework for all these individual aspects. They help to document to third parties that integrated management, systematic balance sheet protection and certified risk provisioning are actively practised values.

noris has had its security management system certified according to the VdS 3406 guideline as the very first data center operator and second company at all. This guideline supplements and specifies the requirements with regard to corporate security from further norms and standards that are already in force at noris.

Certificate VdS 3406 Nuremberg office (PDF)

Certificate VdS 3406 Nuremberg data center (PDF)

Certificate VdS 3406 Munich office (PDF)

Certificate VdS 3406 Munich data center (PDF)

Certificate VdS 3406 Hof office (PDF)

Certificate VdS 3406 Hof data center (PDF)

Certificate VdS 3406 Berlin office (PDF)

TISAX

TISAX

TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies.

The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting.

Detailed information on TISAX can be found at http://www.enx.com/tisax/.

Scope ID: SLVCP2
Assessment ID: A1M58F-1

The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults

TISAX and the test results obtained are not intended for the general public.
TISAX is a registered trademark and is subject to the ENX Association.

ITIL®

TÜViT TSI Level 4

TÜViT TSI Level 4

As one of only a few data centers worldwide, construction phase 2 of the data center Nürnberg Süd is certified according to the TSI.STANDARD of TÜViT in Level 4! This quality level of the TSI.STANDARD stands for very high security requirements and maximum availability.

Detailed information about TÜViT can be found at: TÜViT (TÜV NORD GROUP)

Certificate TÜViT TSI Level 4 (PDF)

KRITIS

KRITIS

Definition by the German government: Critical infrastructures are organizations or facilities of major importance for the state community, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences.

Since 2020, noris network AG with its data centers has officially been part of the KRITIS.

Certificate KRITIS (PDF)

BSI baseline protection

ISO 20000-1

ISO/IEC 27001

ISO 9001

EN 50600

PCI DSS

ISO 14001

ISO 50001

KRITIS

VdS 3406

ISO 14001

ISO 14001

ITIL

1

Declarations of conformity

ITIL

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

TISAX (Automotive)

TISAX (Trusted Information Security Assessment Exchange) enables the mutual recognition of information security assessments in the automotive industry and provides a common assessment and exchange mechanism. The evaluation results always remain under the control of the evaluated companies. TISAX and the test results obtained are not intended for the general public. TISAX is a registered trademark and is subject to the ENX Association.

The effectiveness of the control processes and their current implementation are assessed on the basis of the procedure specified in TISAX, as published at the time of ENX reporting. Detailed information on TISAX can be found at http://www.enx.com/tisax/.

Scope ID: SLVCP2
Assessment ID: A1M58F-1

The test results can be viewed at the following link: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults

BaFin

Since 1996, noris network has been gathering experience in bank hosting and demonstrates strong core competencies in the implementation of setups that focus on IT security and simultaneous compliance with business continuity requirements. According to the directives stipulated in MaRisk and KWG, banks / financial institutions are subject to audits and can be audited by BaFin. Such customers enter into contractual agreements on appropriate audit rights with noris network AG, in order to meet the current and future requirements of the supervisory authority at any time. From the BaFin perspective, the respective bank is free to choose the respective audit framework.

Reports

ISAE 3402 Type II Report

noris network has had testified its own ICS by an external auditor and can exhibit this in the form of an ISAE 3402 Type II certificate.
ISAE 3402 is the international standard for the auditing of outsourced processes and thus fulfils all requirements of IDW PS 951 and the requirements for a SOC1 report (according to SAS70, SSAE16 and the successor standard SSAE18).
The advantage for our customers: noris network can provide a certificate for audits that is recognised as auditor-to-auditor communication (auditor to auditor) and thus meets all requirements of the auditors.

Awards

Bavaria’s Best 50

Bavaria’s Best 50

In 2010 and 2015, noris network AG was honored by the Bavarian State Minister for Economic Affairs, Infrastructure, Transport and Technology as one of the best 50 medium-sized companies in Bavaria due to the increase in staff headcount and sales growth achieved over the last few years (with sales growth rates between 25 and 30 percent per year).

German Data Center Award 2016

German Data Center Award 2012

DHL-Supplier Awards 2017

Bavarian Founder’s Award 2019

Bavarian Founder’s Award 2019

noris network was honoured with the Bavarian Founder’s Prize 2019 and came out on top in the category “up-and-coming”. In this category, the expert jury honored companies that have already established themselves in the market, have shown extraordinary sales growth since their foundation and thus show potential for market leadership. Initiated by the savings banks, the magazine stern, the Porsche company and ZDF, the Founder’s Award is one of the most important awards for companies in Bavaria.

Service Provider Award 2020

Technologies

Linux Professional Institute Certification (LPIC)

Linux Professional Institute Certification (LPIC)

The Linux Professional Institute (LPI) is considered to be the world’s leading professional certification program of the Linux community. We have our staff regularly qualified by participating in LPI and LPIC programs at different levels.

Kubernetes Certified Service Provider (KCSP)

Microsoft Gold Certified Partner

Oracle Gold Partner

Oracle

As an Oracle Gold Partner with extensive special certifications for Oracle databases, Oracle hardware and Oracle middleware, we offer qualified and comprehensive support for your Oracle solutions. From procurement of licenses to design, operation and optimization of your databases: you get everything from a single source.

Have your dedicated Oracle setup managed by our dedicated Orace DBA (Database Administrator) team and experience the availability and performance that your business deserves!

Dell EMC Gold Partner

Dell-EMC-Gold-Partner

As one of 52 Dell EMC Gold Partners in 2019, we can rely on an intensive partnership and pass on benefits such as discounts to our customers. Achieving the highly demanding requirements of this award demonstrates our expe Achieving the highly demanding requirements of this award demonstrates our expertise and many years of experience as a cloud service provider in partnership with Dell EMC.

In addition to the financial opportunities this offers for us and thus for our customers, we also have access to numerous seminars to further strengthen the knowledge of our employees in this area.

With us as a “Cloud Service Provider” you are well positioned in terms of quality and can rely on verifiable know-how. This award represents Dell EMC’s commitment to us as your reliable partner – benefit from it too!

Suse

VMware Cloud Verified

VMware

As an official partner of VMware, we have access to a wide range of VMware services and can provide them to our customers.

Since 2020 we are also VMware Cloud Verified! This means that we are one of selected VMware partners that have official Cloud Partner status. The Cloud Verified designation was created to help customers identify which cloud providers operate a standardized VMware cloud environment, among other things. This means that we are allowed to provide services to our customers that are classified as cloud-ready by VMware.

Atlassian Silver Partner

Atlassian Silver Partner

We have years of experience with Atlassian tools and also use them internally. In addition to the provision, we also advise on administration and provide assistance in the investigation of optimization potential. As a certified Atlassian partner, we have the opportunity to offer our customers everything from a single source, from consulting to deployment and operation & support to licensing.

IT certificatesfor auditable services

Certification brochure

Whitepaper certification

Certifications

Declarations of conformity

ITIL

TISAX (Automotive)

BaFin

Reports

ISAE 3402 Type II Report

Awards

Technologies

IT certificates
for auditable services