7. List of Gaia-X Conformity Assessment Bodies¶
All Gaia-X Conformity Assessment Bodies (CABs) which are accredited to attestate conformity against a permissable standard by a respective standards organizations body are accepted by Gaia-X.
Accreditation Bodies: ISO standard definition here
As of 06/06/2024, the list of the accepted accreditation bodies is located at https://www.iafcertsearch.org/search/accreditation-bodies
7.1 SecNumCloud¶
The list of official assessment bodies for SecNumCloud is located at https://cyber.gouv.fr/voir-les-centres-devaluation.
As of 28/05/2024, the list is the following one:
7.2 ISO 27001¶
The list of official certification bodies for ISO 27001 is located in InternationalAccreditationForum
As of 07/06, 501 CAB are accepted for ISO 27001 worlwide by IAF. They will not be listed in this document. The uptodate list is in the GAIA-X registry.
Note
In France the accredidation body is located at COFRAC.
As of 03/06/24 the list of COFRAC for France is:
- AFNOR Certification
- International Certification Trust Services France
- LNE
- LSTI
- SGS International Certification Service
- Skill4All
- Vigicert
7.3 EU Cloud CoC¶
The list of official monitoring bodies able to deliver EU Cloud Code of Conduct assement is located at https://eucoc.cloud/en/public-register/assessment-procedure.
As of 03/06/24 the only one is:
7.4 CISPE Code of Conduct¶
The list of official assessment bodies for CISPE is located at https://www.codeofconduct.cloud/monitoring-bodies/.
As of 10/06/2024, the list is the following one:
7.5 Cloud Security Alliance¶
The list of official CSA certified STAR auditors is located at : https://cloudsecurityalliance.org/star/certified-star-auditors
As of 11/06/2024, more than forty CAB are accepted for CSA STAR so they will not be listed in this document. The up to date list is in the GAIA-X registry.
## BSI C5
As of 26/06/2024, BSI C5 doesn’t provide the list of official assessment bodies authoristed to issue BSI C5 attestion : BSI. As confirmed by BSI on 3/07/2024: “The BSI often receives enquiries regarding who can perform a C5 audit and whether the BSI can recommend or arrange auditors. The BSI does not as a principle make any such recommendations. The requirements for auditors are specified in Chapter 3 of the C5 and adhering to them should be specified as part of the contract to appoint an auditor.” SourceBSI – see the subsection “Recommending or appointing an auditor”.
It was found in a personnal website published in an Enisa document CyberSecurity Assessments ver Jan2024
As of 19/06/2024, 8 CAB are accepted for BSI C5 :
- PwC Germany (DEU)
- HKKG (DEU)
- EY (DEU)
- BDO Deutschland (DEU)
- Rödl & Partner (DEU)
- TÜV Nord Group (DEU)
- Schellmann (US)
- Lazarus Alliance (US)
The uptodate list is in the GAIA-X registry.
7.6 SWIPO¶
As of the 13/06/2024, there is no CAB approved by SWIPO. You can find information regarding SWIPO at SWIPO Certification document.
As there is no SWIPO CAB, SWIPO permissible standard can be used only in case of declaration. SWIPO permissible standard can’t be used if certification is needed.
7.7 Climate Neutral Data Center Pact¶
As of the 17/06/2024 the CNDC Pact is a self assessment. More information : CNDC.
As CNDC Pact is a self assessment, CNDC permissible standard can be used only in case of declaration. CNDC Pact permissible standard can’t be used if certification is needed.
7.8 TISAX¶
The list of official TIXAS audit providers is located at https://enx.com/en-US/TISAX/xap/
As an example, the 11/06/2024 there were 15 assement bodies listed just in Germany. Worldwide accepted CAB will not be listed in this document. The up to date list is in the GAIA-X registry.