Selecting cloud service providers could become easier, thanks to changes made today to the Cloud Industry Forum (CIF) code of practice.
In 2010, CIF published a the code to promote the adoption of cloud-based services. It previously relied on self-certification, backed by independent certification.
Today's change means this self certification process now includes international industry standards, meaning cloud providers applying for the CIF code of practice self-certification can use existing appropriately scoped certifications awarded by third-party certification bodies in place of management system documentation.
This recognition covers standards and certifications including ISO 9001, ISO 14001 and ISO 27001, amongst others, all of which have alignment with the operational and capability requirements of the CIF code of practice, said the organisation.
Richard Pharro, CEO of APM Group - a company which provides independent certification for cloud service providers - said: “The primary concerns about cloud adoption are data security, data privacy and data sovereignty. Ultimately, end users are looking for assurances when they migrate to the cloud.”
APM is a certification partner for CIF. It is used to validate the documentation cloud providers submit for self-assessment..
Jessica Barry, accreditation coordinator, at APM Group, said: “The CIF code of practice has cross-overs with international standards. CIF has recognised the alignment with these standards. So Section B [in the code of practice] covering organisational capabilities, such as how cloud providers manage all aspects of their organisations, is covered by ISO standards.”
CIF aims to make its code of practice a de facto standard. Barry added that aligning CIF with ISO standards made sense, in terms of simplifying procurement decisions, given end users are more aware of ISO certification.