en
Support
Status
Shop
Open Source drives Innovation and Sovereignty
Developing verinice at SerNet since 2006 has been guided by the principles of sovereignty through openness and transparency. The code developed by SerNet itself is published under the open source licence A-GPL and made available for free download on GitHub.
The libraries, frameworks, APIs and third-party tools used by verinice are continuously documented in the software and in the release notes. The documentation of the technical team at GitHub provides evidence of the licences used in verinice.
The verinice team is happy to exchange ideas about code and licences! Please use the verinice forum or mail the developers.
NIS 2, ISO 27001 & C5
SerNet offers the use of verinice as a cloud service (SaaS) under the name verinice.cloud. In doing so, we comply with the requirements of the European NIS 2 Directive for “network and information security.” SerNet operates cybersecurity management for its own infrastructure and products in accordance with the requirements of ISO 27001.
verinice.cloud is currently operated in an ISO 27001-certified data center at Hostserver GmbH in Germany on hardware provided specifically for SerNet. The databases are stored unencrypted on dedicated bare-metal hard drives in a RAID configuration. Encryption is then performed for storage in the regularly performed backup.
Hosting under the conditions of the C5 Catalog (Criteria Catalog C5 – Cloud Computing Compliance Criteria Catalog) is expected to be available from SerNet at SysEleven in Berlin from Q2 2026. Part of the catalog, which comprises a total of 114 measures, includes encryption at rest (under Ceph at OSD level via LUKS/dm-crypt with AES-512). The implementation and effectiveness of all measures is confirmed by a Type 2 attestation.
For requirements that go beyond this, the product verinice.onprem is suitable, which enables operation completely under the customer's own supervision in a separate instance in accordance with customer-specific compliance requirements.
CRA & SBOM
We follow the requirements of the European CRA (Cyber Resilience Act) for the provision of software for operation on premise at customers' own data centres or at the hoster of their choice.
SerNet continuously provides SBOM for verinice – the Software Bill of Materials. This is how we document the supply chain and the ‘software lifecycle’ according to the state of the art.
Accessibility
For optimal usability, SerNet develops verinice to be as barrier-free as possible, in accordance with the requirements of DIN EN 301549. Wherever possible, development is based on the guidelines of the Barrier-free Information Technology Ordinance BITV 2.0 and the international Web Content Accessibility Guidelines WCAG 2.1 and the level AAA success criteria.
Do you have any suggestions or comments specifically regarding accessibility? Feel free to contact us at any time!
Privacy: Data Processing
Personal data can be processed on the verinice.cloud platform at veo.verinice.com. SerNet offers a Data Processing Agreement for the correct drafting of contracts in accordance with the requirements of the GDPR.
To do this, download the PDF here and fill it out on the screen. (If you need the contract in English, please send us a note.) You can then sign it digitally or print it out, sign it and scan it again. Please send the signed PDF to SerNet's sales department: sales@sernet.de.
