Xurrent’s C5 attestation strengthens data protection

Cloud Computing Compliance Criteria Catalogue (C5) attestation is a framework developed by the BSI (German Federal Office for Information Security) for cloud service providers, such as Xurrent.
C5 attestation includes security controls assessment across multiple domains, including organization, cryptography, physical security, and operational security.
What makes C5 particularly important is its focus on transparency about where data is processed and stored, which is crucial for companies operating under EU data protection laws.
C5 also:
- Examines organizational processes, technical controls, and physical security
- Produces detailed reports that organizations can share with customers/stakeholders
- Requires independent third-party auditors to verify all required controls and security measures have been met
If you are a current (or future) Xurrent customer, you’ll want to keep reading.
Why ITSM customers should care about C5 attestation
If you care about …
Cloud security.
Compliance.
Operational resilience.
Data protection.
… then C5 attestation is a big deal.
1: Enhanced security & compliance: Customers, especially those in regulated industries (see finance, healthcare, retail, government, etc.), can confidently use Xurrent, knowing it continues to meet high-security standards.
2: Stronger data protection & privacy controls: Since C5 is aligned with European GDPR and other stringent regulations, Xurrent customers can be assured of strong data integrity, strict confidentiality, and high availability. This includes controls for encryption, access management, logging, and monitoring — all to protect customer data.
Note: BYOK in Xurrent is a significant enabler of this attestation.
3: Simplified risk & compliance management: Since C5 attestation is a trusted validation of security controls, the burden on customers for conducting vendor security assessments on C5 attested companies is significantly reduced.
4: Increased trust & transparency: Thanks to Xurrent’s commitment to transparency and security documentation, aligning with the C5 framework gives customers and prospects unified and consistent visibility into our security measures. This also reduces the possibility of third-party risks.
5: Stronger business continuity & Incident Management: Xurrent is known for our simplified Incident Management processes. With C5 attestation, Xurrent customers can now be even more assured of our high service availability and reduced risk of disruptions.
6: Alignment with international security standards: Many Xurrent customers operate across multiple jurisdictions. With C5 attestation, customers can be assured of Xurrent’s commitment to seek compliance with European and international security regulations. C5 maps closely to other global security frameworks, including ISO 27001, SOC 2 Type II, and FedRAMP.

Security is paramount at Xurrent
We take our commitment to security, data protection, and privacy very seriously.
As we share here, the protection and privacy of customer data is our #1 operational priority. They are key to our customers’ success as well as our own.
C5 attestation means that an external auditor has verified that Xurrent’s security controls “were suitably designed and implemented to meet the applicable cloud computing compliance criteria (C5).”
Xurrent customers shouldn’t have to worry about its ITSM platform being secure.
We’ve done the hard work of meeting these strict security requirements so you can focus on what you do best — running your business.
Want to know more about our security practices? Chat with one of our experts.