The hardware is put through his paces. The test consists of several parts which examine technical, logical and functional factors.

The considered areas include among others: used software, communication, access types, patch management as well as storage of data.

The software is tested analogous to the hardware. Besides the communication and the storage of the data also important aspects from the law are considered. The conformity with the general data protection regulation plays an important part in the test. Here the principles ‘Privacy by Default’ (pre-set) and ‘Privacy by Design’ (technical design) play a large role.

At a central administration of the data in a cloud all relevant aspects of the general data protection regulation have to be considered. During this test the focus is on the availability, authenticity and integrity of the data. Here, besides the documentation of the cloud its vulnerability is checked in a pen test.