Skip to content

7. List of Gaia-X Conformity Assessment Bodies

All Gaia-X Conformity Assessment Bodies (CABs) which are accredited to attestate conformity against a permissable standard by a respective standards organizations body are accepted by Gaia-X.

Accreditation Bodies: ISO standard definition here

As of 06/06/2024, the list of the accepted accreditation bodies is located at https://www.iafcertsearch.org/search/accreditation-bodies

7.1 SecNumCloud

The list of official assessment bodies for SecNumCloud is located at https://cyber.gouv.fr/voir-les-centres-devaluation.

As of 28/05/2024, the list is the following one:

7.2 ISO 27001

The list of official certification bodies for ISO 27001 is located in InternationalAccreditationForum

As of 07/06, 501 CAB are accepted for ISO 27001 worlwide by IAF. They will not be listed in this document. The uptodate list is in the GAIA-X registry.

??? example “In France the accredidation body is located at COFRAC.

As of 03/06/24 the list of COFRAC for France is:

- [AFNOR Certification](www.afnor.org)
- [International Certification Trust Services France](www.certi-trust.com)
- [LNE](www.lne.fr)
- [LSTI](www.lsti-certification.fr)
- [SGS International Certification Service](http://www.fr.sgs.com/)
- [Skill4All](http://www.bestcertifs.com/)
- [Vigicert](http://www.vigicert.com/)

7.3 EU Cloud CoC

The list of official monitoring bodies able to deliver EU Cloud Code of Conduct assement is located at https://eucoc.cloud/en/public-register/assessment-procedure.

As of 03/06/24 the only one is:

7.4 CISPE Code of Conduct

The list of official assessment bodies for CISPE is located at https://www.codeofconduct.cloud/monitoring-bodies/.

As of 10/06/2024, the list is the following one:

7.5 Cloud Security Alliance

The list of official CSA certified STAR auditors is located at : https://cloudsecurityalliance.org/star/certified-star-auditors

As of 11/06/2024, more than forty CAB are accepted for CSA STAR so they will not be listed in this document. The up to date list is in the GAIA-X registry.

## BSI C5

As of 26/06/2024, BSI C5 doesn’t provide the list of official assessment bodies authoristed to issue BSI C5 attestion : BSI. As confirmed by BSI on 3/07/2024: “The BSI often receives enquiries regarding who can perform a C5 audit and whether the BSI can recommend or arrange auditors. The BSI does not as a principle make any such recommendations. The requirements for auditors are specified in Chapter 3 of the C5 and adhering to them should be specified as part of the contract to appoint an auditor.” SourceBSI – see the subsection “Recommending or appointing an auditor”.

It was found in a personnal website published in an Enisa document CyberSecurity Assessments ver Jan2024

As of 19/06/2024, 8 CAB are accepted for BSI C5 :

The uptodate list is in the GAIA-X registry.

7.6 SWIPO

As of the 13/06/2024, there is no CAB approved by SWIPO. You can find information regarding SWIPO at SWIPO Certification document.

As there is no SWIPO CAB, SWIPO permissible standard can be used only in case of declaration. SWIPO permissible standard can’t be used if certification is needed.

7.7 Climate Neutral Data Center Pact

As of the 17/06/2024 the CNDC Pact is a self assessment. More information : CNDC.

As CNDC Pact is a self assessment, CNDC permissible standard can be used only in case of declaration. CNDC Pact permissible standard can’t be used if certification is needed.

7.8 TISAX

The list of official TIXAS audit providers is located at https://enx.com/en-US/TISAX/xap/

As an example, the 11/06/2024 there were 15 assement bodies listed just in Germany. Worldwide accepted CAB will not be listed in this document. The up to date list is in the GAIA-X registry.

Suggest a modification