Select your language

AS-S3C stands for absolute reliability

AS-S3C stands for absolute reliability

For us, an absolute matter of course

How to contact us

Basics & self-perception

On what basis do we act?

  • The Act on the Protection of Business Secrets (GeschGehG) states under § 9 (2) Exclusion of claims in case of unreasonableness:

  • The claims ... are excluded if fulfilment would be disproportionate in the individual case, taking into account in particular:
    the confidentiality measures taken

  • The GDPR mentions the need for TOMs (technical and organisational measures) in various places and speaks of "appropriate safeguards" for the processing of personal data when transferring data to third countries. Recital (91) also refers to the "state of the art".

  • The new Federal Data Protection Act (BDSG) also refers to the "state of the art" and due to the discontinuation of the appropriate "Privacy Shield" guarantee, new standard contractual clauses or Standard Contractual Clauses (SCC) have been published, which now require an assessment of the adequacy of legislation in third countries within the framework of a TIA (Transfer Impact Assessments).

  • What is to be understood by "state of the art" in case of doubt has been laid down by the ENISA (European Network and Information Security Agency) and Teletrust (Bundesverband IT-Sicherheit e.V., TeleTrusT) in the "State of the Art" handout (last update 2021).

Our self-perception: absolute reliability

We have drawn up our Code of Conduct (PDF file) for cooperation in a spirit of partnership, which sets out our self-erception of cooperation based on trust.


Establish compliance for Office 365

It is extremely time-consuming and therefore costly to establish data protection compliance for Office 365 with in-house resources. The necessary know-how is also not always available. If required, AS-S3C can take over the entire documentation process for you and ensure data protection compliance for your company in this area.

Data protection: Only a minimal extract of the requirements

  • Gain an overview of the types of personal data stored, including their locations.
  • Prevent data breaches Implement protection measures for personal data - incl. monitoring logging, data loss prevention, protection against the most common attack vectors.
  • Apply ongoing governance programmes for personal data - incl. ensuring compliance with corporate policies, implementing data retention policies.
  • Carry out a data protection impact assessment (DPIA) - including a risk assessment for the rights and fundamental freedoms of natural persons and an assessment of the necessity and proportionality of the data processing with regard to the DPIA.
  • Organise information security for clients - including definition of responsibilities within his organisation regarding security and protection of personal data.
  • Comprehensive lists of the requirements and efforts (see below) for establishing compliance with Office 365 without AS-S3C.


Compliance requirements without AS-S3C support

Using Office 365 as an example, we have explained the time-consuming and cost-intensive efforts required to prove compliance.


Sachsenring 43
50677 Cologne

phone +49 221 - 292 474 10

Sorry, this website uses features that your browser doesn’t support. Upgrade to a newer version of Firefox, Chrome, Safari, or Edge and you’ll be all set.