Skip to content
C5:2026 READINESS PLATFORM

The Testat is coming. We get you ready.

awedit gets cloud and SaaS providers ready for the BSI C5 Testat. AI scans your setup against all 121 criteria, experts review every finding, and you walk to the Wirtschaftsprüfer with a report they actually want to see.

Orientation, not evidence.

HostingEU · DE-hosted
Quality assuranceExpert-reviewed
Compliance scope§393 aware
Dossier · ReadinessAW-C5-2026
121
AI check

Criteria matched automatically against your cloud setup.

17
Domains

Structured, audit-grade documentation end to end.

Expert review

Every finding is signed off by a person who stands behind it.

AI detects. Experts decide. Auditors attest.

Timeline→ 2027-06-01
Since 01.07.2025

§393 SGB V requires a Typ-2-Testat for cloud processing of health and social data.

From 28.02.2027

C5:2020 reports with periods ending after this date must already disclose C5:2026 migration plans.

From 01.06.2027

C5:2026 becomes binding: 168 criteria, 462 sub-criteria. The re-mapping wave is real.

Section · 01

How it works

Step 01

We scan.

AI-assisted analysis of your organisation, product and evidence against the C5 basic criteria. Every gap gets a criterion ID, not a vibe.

step_01.out
Step 02

We fix.

A prioritized remediation plan, sequenced the way auditors think: observation-period killers first, engineering lead-time second, paperwork last.

step_02.out
Step 03

They sign.

Your Wirtschaftsprüfer gets a handover pack built for their acceptance logic. We prepare, they attest. That separation is not a limitation, it is the law, and it keeps everyone conflict-free.

step_03.out
Free · 12 questions · 2 minutes

Where do you stand? Two minutes. Zero cost. Aha included.

Twelve questions, instant orientation across your §393 exposure, your catalog window and your biggest gaps. No account, no sales call, no PDF ambush.

Start the free Self-CheckOrientation, not evidence.
Gap size17 / 121
OIS-01
78%
CRY-04
52%
OPS-18
34%
IDM-07
66%
Section · 02

One report, three audiences.

Management gets the executive gap picture and the cost/timeline reality. Your team gets 121 criterion-level findings with priorities and owners. Your auditor gets a Systembeschreibung skeleton and a control matrix in the structure they test against. Handover-ready means exactly that.

For management
01

Executive gap picture

Cost and timeline reality, in one page.

Gap size17 / 121
For your team
02

121 criterion-level findings

Priorities and owners, ready to work.

OPS-18 · SLAhigh
IDM-07 · MFAmed
CRY-04 · TLSlow
For your auditor
03

Systembeschreibung skeleton

Control matrix in the structure they test against.

report_v3.pdf2027-05-14
report_v2.pdf2027-03-02
report_v1.pdf2027-01-11
AI detects. Experts decide. Auditors attest.

AI = Actual Intelligence.

Our scanner reads artifacts fast and never gets tired. Our experts overrule it whenever context beats pattern. Every finding in your report has passed a human who signs their name under their judgment. The only signature we never provide is the one under the Testat: that belongs to the Wirtschaftsprüfer, exclusively, and we would not have it any other way.

01
121
Basic criteria in the current scan
02
39
New criteria in the 2026 preview
03
17
Domains covered end to end
Live scan
OIS-01 → PSS-112027-06-01
Clinician reviewing a readiness dashboard in a hospital IT operations room.
§393 SGB V
Section · 03

§393 SGB V is not a suggestion.

Health and social data in the cloud requires a current C5 Testat over the basic criteria, EU/EEA processing, and implemented customer-side controls. Enforcement runs through procurement: the Kasse asks, the contract answers. We keep you ready for the asking. If you ride the C5GleichwV bridge, we map your gap analysis and milestone plan so the bridge ends on solid ground, not in July 2027 fog.

Target date
T-minus 331d
2027-06-01

Binding for audit periods starting on this date under §393 SGB V.

Orientation, not evidence.

Section · 04

168 criteria are coming. Your 121 will move.

Of the 168 criteria in C5:2026: 78 keep their C5:2020 ID, 51 are remapped to new IDs, 39 are brand new. On the 2020 side, only two criteria retire without a successor. Your report shows the delta today, so the 2027 audit period does not start with archaeology.

OF 168 IN C5:2026
78
KEEP THEIR ID
51
REMAPPED
39
BRAND NEW
2
RETIRE
FROM C5:2020
Section · 05

Pick your engagement.

Four tiers, one direction: readiness.

Self-Check
01
free

Orientation in minutes.

Talk to us
Most relevant
Scan + Report
02
Sprint

Full 17-domain analysis, expert-reviewed, handover-ready report.

Talk to us
Remediation
03
MVP/Product

We close the gaps with you, criterion by criterion.

Talk to us
C5 Cycle
04
Care

Annual readiness, re-scans, C5:2026 migration, auditor liaison.

Talk to us

Orientation, not evidence.

Section · 06

Fair questions.

01Is there a C5 certificate?

No. There is no C5 certificate, only a Testat issued by a Wirtschaftsprüfer after an ISAE 3000 / IDW PS 860 engagement. Anyone selling you 'C5-zertifiziert' is selling you a category error.

02Can a tool make me compliant?

No tool alone achieves readiness or compliance, including ours. AI detects, experts decide, auditors attest.

03Does my hyperscaler's Testat cover me?

No. AWS, Azure and GCP Testate cover their layers. Your SaaS layers need their own. The prevailing legal view for §393: the SaaS vendor itself needs the Testat.

04What does a Testat cost?

Market signals: €60k to 120k for a classic Typ 2 engagement, more without an ISMS baseline, plus 3 to 6 months of auditor waitlist. Preparation quality is the main cost lever, and the one you control.

05Typ 1 or Typ 2?

Typ 1 exists once, for first-timers. §393 requires Typ 2 since 01.07.2025; new-to-market systems (after 30.06.2025) get an 18-month Typ-1 lane. We map your case in the Self-Check.