Privacy & Information Security Law Blog

On March 8, 2012, during the CeBIT international IT trade show, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik or “BSI”) accepted the German Insurance Association’s application for certification of the “Trusted German Insurance Cloud,” a project that aims to establish a secure IT platform for the German insurance industry.  The parties previously had agreed to work together to develop practical requirements for a secure cloud solution, and to implement appropriate security measures in the “Trusted German Insurance Cloud.” In accordance with the BSI’s baseline security parameters, the practical requirements for the cloud are meant to contemplate the ISO 27001 standard as well as appropriate IT security criteria issued by data protection authorities. The implementation of the cloud security requirements will be finalized pursuant to the BSI’s certification process.

As was the case when it drafted the position paper “Information Security Issues for Cloud Computing,” the BSI has stated that its goal is to work in cooperation with the private sector to develop practical guidelines and recommendations for IT security. The BSI likely will be looking to extend this approach to other industries and sectors by developing a generally applicable certification procedure for cloud services.