
Mendix Receives C5 Type II Attestation from the German Federal Office for Information Security 

Press Release


Mendix, a Siemens business, announced C5 Type II attestation from the German Federal Office for Information Security (BSI). This attestation extends the extensive Mendix suite of security certifications. 

Cloud reliability and compliance, made in Germany

With C5 Type II, Mendix addresses key requirements of German federal authorities, state administrations, and regulated industries without lengthy individual audits. 

Mendix customers have the option of operating either totally on-premises or in STACKIT’s German data centers. 

Developers can build low-code applications that immediately provide the proof required for public tenders, from multi-factor authentication to disaster recovery.  

What is the BSI C5 Type II report? 

The Cloud Computing Compliance Criteria Catalogue (C5:2020) of the BSI defines a cloud-specific minimum baseline of 121 security criteria, bundled into 17 specialist areas (including organization, identity & access management, cryptography, physical security, operational processes, incident & business continuity management). These criteria are closely based on ISO 27001/17/18, SOC 2, and the BSI IT baseline protection compendium and are therefore internationally compatible.  

A Type II report demonstrates not only the design but also the effectiveness of the controls over a test period of typically six to twelve months, using random sample tests. It is therefore considered significantly more meaningful than a one-off Type I snapshot.

Why is C5 Type II so relevant for the German market? 

C5 is a standard developed by the BSI and is therefore de facto mandatory or strongly favored in public sector tenders. 

Leading hyperscalers have their services tested annually according to C5 Type II, which raises market awareness of the standard.

Customers receive a detailed audit report (including auditor statement and mapping to ISO/SOC), which can be used as proof of due diligence in procurement and risk analyses.

For more information on Mendix security and standards, please visit https://www.mendix.com/trust.

    About Mendix

    Mendix, a Siemens business, is the only low-code platform designed to address the full complexity of enterprise software development challenges. Deploying point solutions to departmental problems solves things at a micro level—but if you want to make a significant impact on your business, you need to go bigger and build powerful portfolios that move the needle sustainably and strategically.

    With Mendix, enterprises can take on more complex, transformational initiatives by engaging everyone in capturing requirements, forming ideas, and embedding value assessment throughout the lifecycle of the software portfolio.

    Focus on the right problems while relying on governance and control to avoid unnecessary risk. Mobilize your organization. Build the change readiness muscle. And when the next big idea drops, turn it into an outcome quicker.

    More than 4,000 organizations in 46 countries use the Mendix low-code platform. An active community of over 300,000 developers has created over 950,000 applications – and counting.
