CIF code aims to boost confidence in the cloud

Code of practice focuses on transparency, capability and accountability

The Cloud Industry Forum (CIF) launched its code of practice today following an extensive period of public consultation and piloting.

The code aims to increase enterprise confidence in cloud services, and the CIF consulted more than 200 organisations during its development, which began in October 2009.

Service providers claiming compliance with the new code will be expected to carry out an annual self-certification process and pass on the results to the CIF, which will then decide whether to authorise use of the certification mark.

There are three pillars to the code.

The first is transparency:

Two categories of information should be disclosed by cloud providers. The first, which must be disclosed publicly, should include:

• Corporate identity, with details of directors and management;

• The scope of the organisation both geographic as well as its range of services;

• A statement regarding how far it will accept indirect responsibility. For example, what would it do when a client company's customers want to access their own data where the company in question has gone into liquidation.

The second part of the section on transparency regards information connected to proposals and specific contracts. Information here should include:

• Commercial terms being provided - such as pricing policy and payment terms;

• Financial stability incorporating capital ownership structure and liability insurance;

• A personnel profile including details of staff - there should be employee vetting procedures undertaken too;

• Customer migration paths at contract termination, with format of data provision and transfer as well as cost implications.

The second pillar is around capability:

• This states that an organisation must be able to perform essential management functions, demonstrated by auditable documented management systems including written policies and procedures. It should also detail responsibilities held by specific individuals and their appropriate training.

The third pillar regards accountability:

Organisations complying with the code should:

• Provide formal procedures for complaint resolution;

• Agree to binding arbitration in local courts for the settlement of disputes.

Andy Burton, chairman of CIF and CEO of Fasthosts, said: "An important part of the code's development was the fact that many of our members piloted it themselves. This raised a number of issues that have since been resolved relating to governance, transparency and capability."