Self-test: Digital sovereignty

Does your company have full control over its IT infrastructure by using agreed standards and open-source software and by avoiding opaque systems and vendor-lock-in?

Can your company switch providers at any time without being blocked by proprietary technologies, interfaces or lock-ins, and can critical systems be used independently in an emergency?

Does your company receive reliable support, and are emergency plans known to relevant people and are able to be executed?

Do your company and its employees possess the necessary knowledge of your IT infrastructure and its operation, and is there clear documentation available so that decisions can be made on this basis in an emergency?

Are contracts regarding IT infrastructure and operations transparent, fair, legally reviewed for grey areas, and is cost development regularly monitored to allow for switching to alternatives if necessary?

Do your IT components subject exclusively to European or German law, are free from disclosure obligations to third countries, and do they contain exit and transfer agreements?

Does your company have full control over storage location, access, encryption, and the prevention of exfiltration?

Are your data regularly backed up, securely stored, correctly archived, and completely and verifiably deleted when necessary?

Does your company continuously monitor its level of digital sovereignty, its systems, services, and security risks in order to react early?

Does your company adhere to recognized standards and conduct regular audits to demonstrably ensure quality and safety?