That’s where the Cloud Industry Forum (CIF) comes in – an organization that Business Two Zero and D2C wholeheartedly supports (disclosure – actually I’m on their governance board – see below). CIF, a not for profit organization, was established in 2009 to provide transparency for the industry through certification to a Code of Practice for credible online Cloud Service Providers. The emphasis within the code is on best practice in the approach to service provision, rather than technical standards of programming. The code covers areas like contract terms, Service Level Agreements, data protection, data location, or transparency of the cloud service supply chain. These are the practical things that a buyer needs to know about the service they are signing up for. Organizations that apply for and conform to the Code of Practice get a “CIF Certified” quality mark. The process itself allows for a self-certification approach, although a full external audit can also be done if you want to pay for that. Self-certification brings the cost down to an affordable level (starts at £200 a year) for the smaller Cloud players, but it’s still properly policed by an independent organisation.
Members of the Cloud Industry Forum include Microsoft, Dell, VMware, Rackspace, Fasthosts, Claranet, Ingram Micro, Interxion, Memset, Nominet, Star, Mamut, FrontRange, Unit 4 (Agresso, FinancialForce), UKFast, Webroot, and is supported by vendor organizations like Intellect, EuroCloud UK, the British Application Software Developers Association and the UK Cloud Alliance. The Code of Practice was agreed in 2011, and the first wave of Cloud companies have just gone through the accreditation process. One of those is NexusAB, a 10 person SaaS company – they provide integrated quality assurance and technical inspection services for sub-surface drilling and completion departments. They work with oil field asset data, the most precious data that an oil company has. Their customers trust that precious data to the cloud and to a small company like NexusAB, but if you speak to them you’ll find that having CIF certification was instrumental in providing the level of comfort required to win their recent big deal with BP. That is exactly what the CIF Code of Practice is all about. Go here if you want to find out more. And please tell me if you think there is anything similar that companies should be considering.
Disclosure: I am on the Governance Board for the Code of Practice of the Cloud Industry Forum, a not for profit organisation, and I regularly speak on their behalf. In addition I chair Intellect’s Software as a Service Group, and I am a Director of EuroCloud UK.
A version of this article was first published on Fresh Business Thinking.