The Cloud Industry Forum (CIF) has launched its Code of Practice, which aims to standardise and certify enterprises offering Cloud Computing services.
Respondents to the two-month review process came from a broad range of industry sectors including service providers, software vendors, IT consultancies, analysts, and other industry bodies.
Organisations claiming compliance with the Code shall conduct an annual self-certification and confirm the successful results of this certification to the CIF in order to receive authorisation to use the certification mark for the ensuing 12 months. The self-certification claims will be listed on the CIF website and hyperlinked from the logo displayed on the participant site. Optionally, an organisation may opt for independent certification performed by a certification body approved by the CIF, and will then receive authorization to use the 'Independent Certification Mark' for the following year.
The CIF will spot-check and randomly audit self-certifications as well as investigate any formal complaint of non-compliance against an organisation claiming compliance with the Code. A false declaration or material non-conformity could result, at the CIF's discretion, in the suspension of the authorisation to use the Certification mark.
"Organisations seeking to use these services need a straightforward form of certification or 'Code of Practice' for potential suppliers that will accurately define the services offered and standards of operation and security," says Outsourcery joint CEO Piers Linney. "The consensus from the Code of Practice consultation exercise was that a major hurdle for increased adoption of the Cloud by businesses is that organisations need clarity around what the service providers do and do not offer. They also need to know what financial and operational substance there is behind these providers, and what assurances are in place in regard to security, confidentiality, and service levels.