11/06/2025
Cloud security for SMEs: q.beyond obtains C5 attestation in accordance with BSI criteria
- Verification covers security, data protection, availability, and compliance
- Companies receive secure and sovereign cloud services from Germany
- C5 creates transparency for selecting secure cloud Providers
The IT service provider offers sovereign and secure IT services to its customers, including services offered on the basis of its private cloud from its own high-security data centres in Germany.
Basis for IT sovereignty
“q.beyond is the right address for medium-size companies that would like to determine their IT services themselves and stay independent of the large providers”, explains Nora Wolters, CFO of q.beyond AG. “Above all, the C5 attestation issued by the BSI confirms that q.beyond’s cloud services are operated exclusively in Germany. And that is a fundamental building block which our customers need as they head for IT sovereignty.”
From cloud to cybersecurity through to AI: To enable companies to flexibly structure their IT landscapes with a view to their own IT sovereignty, q.beyond has in recent times significantly expanded and further developed numerous IT services. In the summer of this year, for example, the IT service provider opened a second Cyber Defence Center (CDC). As Security Operations Centers (SOC), both sites pool q.beyond’s security activities and form a core component of a self-determined IT security strategy for q.beyond’s security customers.
For companies that wish to automate their process landscapes based on artificial intelligence but prefer not to store their sensitive business data in a public cloud, q.beyond offers a sovereign AI solution with its “Private Enterprise AI”. And with the colocation services offered from q.beyond’s high-security data centres, company data benefits from a secure environment that is “made in Germany”.
C5: strict requirements for services and infrastructure
The object of the attestation related above all to the cloud environments operated by q.beyond. The focus was on the processes and technical checks involved in cloud service provision.
The review performed for the C5 attestation involved 121 checks in 17 topical areas, including infrastructure, network security, and access management, as well as backup and recovery procedures.
The audited systems are fully integrated into q.beyond’s information security management-system (ISMS) and thus certified under international standards, and above all under ISO/IEC 27001, ISO/IEC 27017, ISO 9001, and ISAE 3402 Type 2. The ISMS safeguards uniform processes for change, incident, problem, and patch management and is supplemented by regular vulnerability analyses, internal audits, awareness measures, and audited backup and disaster recovery processes.
The C5 attestation also covers q.beyond’s private cloud services including, among others, its “Managed SAP Hosting Services” and “Managed Private Cloud (IaaS)”.
picture: BSI C5 – Cloud Computing Compliance Criteria Catalogue
About q.beyond AG
q.beyond AG is the key to successful digitalisation. We help our customers find, implement, and operate the best digital solutions for their businesses. Upholding IT sovereignty is our core ambition. Our strong team of 1,100 specialists accompanies SMEs reliably as they tackle their digital transformation. Customers benefit here from our all-round expertise in cloud, applications, AI, and security. With locations across Germany and in Latvia, Spain, India, and the USA, its own certified data centres, and experience built up over more than 25 years, q.beyond is one of Germany’s leading IT service providers.
Contact
q.beyond AG
Arne Thull
Head of Investor Relations/Mergers & Acquisitions
T +49 221 669 8724
invest@qbeyond.de
