Commenting on the drive to certification, Peter Groucutt, Managing Director at Databarracks, says: “What stands the CIF Code of Practice apart is the basis of the accreditation. It is independently developed and governed and has clear enforcement of the certification process to maintain standards and integrity. There are lots of standards bodies out there offering accreditations making it easy for organisations to pick and choose standards that require the least investment or the least work. The CIF Code of Practice, on the other hand, is based on established, well-known standards, which many of our customers recognise and indeed expect, so it was an easy choice for us.
“Being certified the CIF Code of Practice (CoP) is further indication that Databarracks is committed to delivering the highest standards of service,” he adds.
Groucutt talks through the process for Databarracks: “When we first started our application for Certification, our main concerns were the time and effort involved. However, as we had just been through ISO 9001 and ISO 27001 certifications we had a number of documented processes in place that matched the scope of services for the Code of Practice.
“As a company, we strive to be open and transparent about our services, however, by working through the process, we realised we were not as explicit as the Code of Practice required in certain areas. They may have seemed small but they make a big difference for our customers.
“CIF’s Cloud Service Provider Code of Practice requires Databarracks to be transparent to customers and prospective customers about certain aspects of our services. We have adopted these elements and clarified them as part of our business offering going forward. Specific company information is also now available on our website alongside the CIF certified logo as our committed mark to quality, rigour and transparency,” he continues.
The benefits for the end user are being able to evaluate the certified companies against the guidance and rationale set out in the Code of Practice, thus allowing for a more thorough and informed decision when choosing a supplier.
Groucutt adds: “The big benefit for us is that our customers can see very quickly that we are a trustworthy Cloud Service Provider. By becoming Certified to the Code of Practice, end users can see straight away that we have been judged by an external body to have good business practices in place, solid contracts, honest online sales literature and that we meet the Code of Practice requirements for transparency.”
The CIF Certified logo will be visible on a certified company’s website and hyperlinked to a set of public declarations that set out basic information that any potential customer may wish to know.
“With so many cloud providers in the market place, CIF’s Code of Practice, alongside our certifications for ISO 27001 and ISO 9001, indicates that we have been independently assessed and recognised as a being a responsible, credible and accountable cloud provider by a credible organisation,” Groucutt continues.
The role of APM Group
The entire process is overseen by APM Group, who provide supporting documentation, guidance where required, and assess applications for Self Certification.
Peter Groucutt comments: “When we did have questions about how we needed to present our documentation or clarity over particular areas, APM Group were very quick to help. We were able to make use of our existing certifications, which helped speed up the process. We did have a problem with how we presented our evidence of the existing certifications but again APM Group were great communicating what the problems were and how we needed to fix them.”
Richard Pharro, CEO at APM Group, concludes: ”An essential part of the value of CSP Code of Practice is the process. Becoming self-certified to the Code of Practice is rigorous and requires time and effort. That said, we aim to make the process as clear and transparent as possible and provide guidance and care to applicants where needed, during and after.”