Frameworks
Cloud security for the European market with BSI C5 2020
Selling cloud services to German enterprises and public sector buyers means proving you meet the BSI's Cloud Computing Compliance Criteria Catalogue (C5).
Tidal Control builds your C5 2020 evidence base. Implement the basic and additional criteria, map them to controls you already have under ISO 27001, and produce the attestation report your customers ask for in procurement.
Trusted by
How Tidal helps you get certified
Hit the ground running
Start with our pre-built controls, policies, and risk assessment templates.
Our platform guides you through establishing your ISMS scope, identifying assets, and implementing right-sized controls that match your business needs.
Why Tidal Control
We understand your challenges because we've been there. Our team of GRC experts and security professionals built Tidal to solve the real problems compliance teams face every day.
Made in Europe
Built and hosted in Europe. Your compliance data stays in the EU for full control and peace of mind.
Continuous automation
Automated evidence collection from cloud providers and development tools working 24/7 for you.
Real security
Build secure systems that protect your business and satisfy auditors, not just check compliance boxes.
Expert guidance included
Certified GRC professionals provide expert guidance whenever you need it, included in your plan.
30+ audit-proof templates
Complete library of policies and controls, battle-tested through hundreds of audits.
Implementation included
We set up your compliance programme, so you can run on autopilot from day one.
Go beyond BSI C5 2020
Explore complementary frameworks that strengthen your cloud security posture.
ISO 27001
C5 reuses the ISO 27001 controls structure. If you're targeting C5, ISO 27001 certification gets you most of the way there and is recognised by every German enterprise buyer.
ISO 27017
The international cloud-extension of ISO 27001. ISO 27017 controls overlap heavily with C5 basic criteria and are recognised globally, not just in the DACH region.
ISO 27018
Cloud privacy controls for personal data. If your German enterprise buyers also care about GDPR compliance in the cloud, ISO 27018 pairs naturally with C5.
SOC 2
The US-market equivalent attestation. Many cloud providers run C5 (for the DACH market) and SOC 2 (for US enterprise buyers) in parallel — Tidal handles both from one control set.
Integrate with your existing tools
Testimonials
What our customers say
With a single click, one Tidal test checks dozens of disks for encryption. Doing that manually would take a lot of time.
