168
o
Redundant power supply with UPS operation for at least 20
minutes
o
Redundant Internet connection
o
Access control
o
Fundamental facility security
Contractual agreements are compliant with data protection
requirements in the sense of the German Federal Data Protection
Act
Reasonable provisions for contract termination
Clear agreements concerning customer data without right of
retention by the contractor
Contractual provisions with documented data export interfaces for
returning and deleting the customer data on termination of the
contractual agreement.
Two‐Star Certification
In addition to the requirements stated previously, the following mandatory
criteria are fulfilled:
The vendor provides verifiable information about the guaranteed
services in terms of availability and speed of the application.
Reporting functions are provided to confirm the fulfilment of the
service agreement.
The technical facilities fulfil the minimum requirements for a
datacentre regarding redundancy of the technical services. Risks and
building security are documented by the provider.
The export formats for customer data are consistently documented
and available for migration to other environments.
Three‐Star Certification
In addition to the requirements stated previously, the following mandatory
criteria are fulfilled:
The provider supports the choice of national jurisdiction by the user,
or offers a contract subject to the user's legal system.