IT certificates

for auditable services

Your contact person

Joachim Astel
Chief Regulatory Officer (CRO)
T: +49 911 9352-0
Send e-mail

We not only promise security and quality at the highest level, but we can also prove this with our certificates. In this way, you receive continuous, certified and auditable services – from data center infrastructure, through operation of your servers and databases, to complete IT outsourcing.

Certification brochure

Download our certification brochure: This will give you a compact overview of our certifications, as they are the benchmark of objective criteria for industry-specific specifications and governance standards.

Whitepaper certification

Read our whitepaper about certification: It describes, among other things, what certification means and how you can benefit from it as a company.

Certifications

ISO/IEC 20000-1

ISO 20000-1

noris network AG is one of the first companies in Germany that have been certified according to ISO / IEC 20000-1 by DQS (German Association for the Certification of Management Systems) since 2013 and consistently implement their security and service management on the basis of the ISO / IEC standards. Monitoring of these standards is done by an external DQS auditor by conducting an annual surveillance audit and a re-certification audit every three years.

The scope covers services in all business areas of noris network AG: “outsourcing services, cloud services, managed services, network & security services, provisioning and maintenance of data centers and their infrastructure as well as operations services”. As a result, all processes at noris network AG are geared towards providing the best possible service and meeting the most stringent requirements.

DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.

All staff employed by noris network additionally acquire an ISO 20000 Foundation certificate as personal certification in order to achieve and continuously further develop a consistent understanding and awareness for process flows.

BSI baseline protection

1

ISO 27001 certificate based on IT baseline protection strategy (DAkks | IQNet)

Based on ISO/IEC 27001, ISO 27001 certificate based on IT baseline protection strategy not only indicates whether IT security is implemented and improved according to plan, but also what level of IT security has already been achieved and how the concrete technical implementation will take place. This level of IT security is checked and confirmed by an auditor accredited by the German Federal Office for Information Security (BSI).

Did the surveillance audits for the ISO 27001 certificate based on IT baseline protection strategy take place this year?
Our surveillance audits take place annually in the spring. A new certificate is only issued by BSI, if certificate-relevant information has changed. 


ISO 20000-1

1

ISO 20000-1 (DAkkS | IQNET)

The scope covers services in all business areas of noris network AG. As a result, all processes at noris network AG are geared towards providing the best possible service and meeting the most stringent requirements. DQS GmbH has issued for noris network AG certificate deeds on behalf of the German accreditation body DAkkS and the certification body IQNet.


ISO/IEC 27001

1

ISO/IEC 27001 (DAkks | IQNet)

The international standard ISO/IEC 27001 specifies the requirements for an information security management system taking into account the context of an organization. The requirements of the standard include installation, implementation, operation, maintenance and continuous improvement.


ISO 9001

1

ISO 9001 (DAkkS | IQNET)

ISO 9001 specifies the requirements for a Quality Management System (QMS) that can be used in a company. Companies that have successfully implemented the ISO 9001: 2015 standard deploy defined processes for the continuous improvement of products and services and have the ability to demonstrate / furnish proof of compliance with the requirements.


EN 50600

1

EN 50600

As the first certification, EN 50600 integrates all aspects of a data center’s certification processes, including operations, management and key performance indicators. As a result, it creates international comparability.


PCI DSS

1

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is based on the security programs Visa Account Information Security (AIS) and MasterCard Site Data Protection (SDP). This is the worldwide standard for the safety of card data. The PCI DSS security guidelines are effective in preventing misuse and theft. Housing services for customers in Noris data centers are PCI DSS certified.


ISO 14001

1

ISO 14001 – Environmental management

The certification according to the international standard ISO 14001 is proof of compliance with globally recognized requirements for an environmental management system. This green symbol is a visible sign for responsible use of natural resources. More efficient consumption of energy and raw materials, waste minimisation and selective risk avoidance – all this is part of the environmental management system according to ISO 14001.


ISO 50001

1

ISO 50001 – Energy management

The international ISO 50001 standard sets out requirements for companies to introduce, implement and improve an energy management system. With this management system, we transparently present how we manage our energy balance, what contribution we make to sustainable CO2 footprint minimization and how we best manage our energy costs by using energy very efficiently.


KRITIS

1

KRITIS

Definition by the German government: Critical infrastructures are organizations or facilities of major importance for the state community, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences.

Since 2020, noris network AG with its data centers has officially been part of the KRITIS.


VdS 3406

1

VdS 3406 – security management

Sicherheit ist eine Grundvoraussetzung für erfolgreiche unternehmerische Aktivitäten und sollte dementsprechend das Ergebnis geplanten strategischen Handelns sein.  Diese erfordert das Erkennen drohender Gefahren sowie koordinierte Maßnahmen, um ihnen planmäßig zu begegnen. Die neuen Richtlinien VdS 3406 „Sicherheitsmanagement für bauliche Objekte“ bilden die systematische Klammer über alle diese Einzelaspekte. 


TÜViT TSI Level 4

1

TÜViT TSI Level 4

As one of only a few data centers worldwide, construction phase 2 of the data center Nürnberg Süd is certified according to the TSI.STANDARD of TÜViT in Level 4! This quality level of the TSI.STANDARD stands for very high security requirements and maximum availability.


ITIL

1
1

ITIL®

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

Declarations of conformity

ITIL

noris network AG operates according to the IT Infrastructure Library in all departments which are involved within the scope of your projects. Important aspects are the central service desk, execution of your service requests, and the handling of incidents and changes according to the operating manual.

TISAX (Automotive)

With TISAX (Trusted Information Security Assessment Exchange), the ENX Association supports the common acceptance of information security assessments in the automotive industry on behalf of the VDA. TISAX enables participants to exchange information security-related information and offers the possibility to have their own information security assessed on the basis of standardized criteria. In addition, information about the information security of other participants can be obtained. The TISAX assessments are carried out by accredited test providers who prove their qualification at regular intervals.

Confidentiality, availability and integrity of information are very important to noris network. We have taken extensive measures to protect sensitive and/or confidential information. The TISAX assessment provider was DQS BIT GmbH. The assessments covered the following locations and objectives:

Scope IDAssessment IDLocation IDStandort
SLVCP2A1M58F-1LR2ZVCNürnberg-Süd
SLVCP2A1M58F-1LVNPXWNürnberg-Mitte
SLVCP2A1M58F-1LY69Y7München-Ost
Scope IDAssessment IDLocation IDStandort
SLVCP2A1M58F-1LR2ZVCNuremberg south
SLVCP2A1M58F-1LVNPXWNuremberg center
SLVCP2A1M58F-1LY69Y7Munich east

TISAX and the results obtained are not intended for the general public. The results can only be accessed via the ENX portal: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults

BaFin

Since 1996, noris network has been gathering experience in bank hosting and demonstrates strong core competencies in the implementation of setups that focus on IT security and simultaneous compliance with business continuity requirements. According to the directives stipulated in MaRisk and KWG, banks / financial institutions are subject to audits and can be audited by BaFin. Such customers enter into contractual agreements on appropriate audit rights with noris network AG, in order to meet the current and future requirements of the supervisory authority at any time. From the BaFin perspective, the respective bank is free to choose the respective audit framework.

Reports

ISAE 3402 Type II Report

ISAE 3402 Type I & Type II Reportnoris network has had testified its own ICS by an external auditor and can exhibit this in the form of an ISAE 3402 Type II certificate. ISAE 3402 is the international standard for the auditing of outsourced processes and thus fulfils all requirements of IDW PS 951 and the requirements for a SOC1 report (according to SAS70, SSAE16 and the successor standard SSAE18).

The advantage for our customers: noris network can provide a certificate for audits that is recognised as auditor-to-auditor communication (auditor to auditor) and thus meets all requirements of the auditors.

Awards

Top 100 innovator

“Top 100” is an award for the most innovative medium-sized companies in Germany. noris network has been awarded the Top 100 seal in 2023. The award is evaluated taking into account the overall innovation process of companies from a wide range of industries and size categories as well as test criteria. Thus, we are among the Top Innovators 2023 and belong to the 100 most innovative medium-sized companies. Learn more about the Top 100 and further test criteria here: https://www.top100.de/pruefkriterien/

Technologies

Linux Professional Institute Certification (LPIC)

Linux Professional Institute Certification (LPIC)

The Linux Professional Institute (LPI) is considered to be the world’s leading professional certification program of the Linux community. We have our staff regularly qualified by participating in LPI and LPIC programs at different levels.

This post is also available in: German