The Code of Practice, initially launched in 2010 following an extensive period of public consultation and piloting, is a credible, certifiable tool that allows Cloud Service Providers (CSPs) to demonstrate that they meet specified requirements of transparency, accountability and capability. It aims to standardise enterprises offering Cloud services to provide clarity, transparency and assurance to end users seeking to migrate to the Cloud.
The update means that organisations applying for the CIF CoP Self-Certification can use existing appropriately scoped certifications awarded by third-party Certification Bodies in place of management system documentation. This recognition covers standards and certifications including ISO 9001, ISO 14001 and ISO 27001 amongst others, all of which have clear alignment with the Operational and Capability requirements of the CIF CoP.
Efforts have also been made to clarify documentation to assist CSPs in the certification process. The changes are designed to provide applicants with a better understanding of what the full Self-Certification process involves and what they should expect. Applicants will now have access to additional guidance and advice to ensure that they can prepare and demonstrate compliance with the requirements of both CIF and APM Group.
Richard Pharro, CEO of APM Group commented: “The Cloud market is clearly in need of credible and certifiable Code of Practice that provides CSPs with a benchmark for their services and a tool to demonstrate their compliance with best practice. The problem is that for many CSPs certification can seem like a formidable and arduous process. By updating the Code of Practice, and integrating existing ISO certifications, we hope to make this process as efficient as possible. The APM Group will also assist Cloud providers through the certification process with hand-holding support and additional clarification as required.”
The benefits of the Code of Practice are twofold; certification offers CSPs the opportunity to publically demonstrate that they are serious about delivering quality service and products to their customers. Similarly, it provides end users with a Kitemark, which guarantees that the CSP in question meets the recommended minimum requirements in transparency, capability and accountability, as indicated by the Cloud Industry Forum CoP.
“The business case for certification is compelling,” Pharro continued. “According to the latest CIF research, 78 per cent of organisations currently using, or planning to use, Cloud services see value in working with a CSP that has signed up to an industry Code of Practice. Considering that some 62 per cent of UK businesses are formally using a Cloud service, certification could prove very fruitful.
“The primary concerns about Cloud adoption are data security, data privacy and data sovereignty. Ultimately, end users are looking for assurances when they migrate to the Cloud. Certification schemes, such as CIF’s Code of Practice, offer CSPs the opportunity to secure independent validation that their products or services meet recognised security and quality standards and provide Cloud users with assurance and confidence in services provided,” Pharro concluded.