+Compliance (COM)
---+COM-01 Identification of Applicable Legal, Regulatory, Self-imposed or Contractual Requirements
------+COM-01.01B
------+COM-01.01AC
---+COM-02 Policy for Planning and Conducting Audits
------+COM-02.01B
------+COM-02.02B
------+COM-02.01AC
------+COM-02.01AS
------+COM-02 Supplementary Information - Complementary Customer Criteria
---+COM-03 Internal Audits of the Information Security Management System
------+COM-03.01B
------+COM-03.02B
------+COM-03.03B
------+COM-03.01AC
------+COM-03.02AC
------+COM-03.03AC
---+COM-04 Information on Information Security Performance and Management Assessment of the ISMS
------+COM-04.01B
------+COM-04.01AC
------+COM-04.02AC

1. Overview

Compliance (COM)

Objective: Avoid non-compliance with legal, regulatory, self-imposed or contractual information security and compliance requirements.

Summary	Standard
COM-01 Identification of Applicable Legal, Regulatory, Self-imposed or Contractual Requirements	-
COM-02 Policy for Planning and Conducting Audits	-
COM-03 Internal Audits of the Information Security Management System	-
COM-04 Information on Information Security Performance and Management Assessment of the ISMS	-

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html

Impressum German English