As Snowflake continues to expand our commitment to compliance, we are pleased to announce that we have successfully completed both C5 and TISAX attestations in Germany. 

Cloud Computing Compliance Controls Catalog (C5)

C5 is an audited standard establishing baselines for cloud security. It was initially created for government agencies and organizations that work with the government to ensure security baselines are met by their cloud service providers (CSPs). The private sector has also adopted this framework for evaluation of the security of their CSPs. For federal government authorities, a C5 attestation is a basic requirement in the procurement process.

The certification can be obtained for either the Basic requirements or Basic + Additional Criteria. In January 2024, Snowflake completed an independent third-party attestation on the suitability of the design and operational effectiveness of our controls to meet the C5 Basic criteria. 

Our compliance with C5 requirements demonstrates our ongoing commitment to meet the increase in heightened expectations of CSPs. Our customers across Europe can use Snowflake with the confidence that our service aligns with C5 Basic requirements. 

The Snowflake C5 Type 2 attestation report for the period May 1, 2023 to Oct. 31, 2023, can be downloaded here.

Leveraging Snowflake with C5 provides government organizations and regulated industries in Europe with a secure, compliant and cost-effective solution for storing, managing and analyzing data in the cloud. By leveraging Snowflake’s capabilities, organizations can achieve regulatory compliance, enhance data security, mitigate risks and drive value from their data assets.

Trusted Information Security Assessment Exchange (TISAX)

TISAX is a certification specifically designed to address the automotive industry’s cybersecurity requirements. TISAX focuses on the secure processing of information from business partners, the protection of prototypes, and the safeguarding of data in accordance with applicable data protection standards (e.g., the GDPR) for potential business transactions between automobile manufacturers and their service providers or suppliers. 

Organizations involved in business with major German automotive industry partners must generally obtain a TISAX certification. Assessment Level 3 (AL3) is required for data with a very high need for protection, such as confidential data or trade secret information. Snowflake’s TISAX certification is scoped to Information Security and Assessment Level 3.

Snowflake was evaluated and certified by independent third-party auditors on Nov. 11, 2023. The Certificate of Compliance demonstrating Snowflake’s compliance status is available on the European Network Exchange (ENX) Portal (scope ID: SFTWVT and assessment ID: AM8HWX-1). Snowflake automotive customers can now utilize Snowflake with confidence that our service meets the rigorous standards of TISAX.

Snowflake strives to continuously expand the scope of our compliance programs to help you meet your regulatory needs. Please reach out to your Snowflake account team if you have questions or feedback about C5, TISAX or any of our compliance certifications.

To learn more about our compliance and security programs, visit our Snowflake compliance page