APM Group outlines the path to successful CIF self-certification
Certification can provide CSPs with a valuable means to independently verify their services and capabilities, and to demonstrate their commitment to good practice.
But, according to APM Group, the Cloud Industry Forum’s (CIF) independent certification partner, the decision to certify or not will depend upon a number of different operational and market driven factors.
Richard Pharro, CEO of APM Group, commented: “The market demand for cloud certification is strong. According to the latest research from the Cloud Industry Forum (CIF), 78 percent of organisations currently using, or planning to use, cloud services see value in working with a Cloud Service Provider (CSP) that has signed up to a relevant Code of Practice,”
“Becoming self-certified to the CIF Code of Practice has significant benefits, but requires investment in time effort and money. CSPs need to be clear about their specific business requirements, the market in which they operate and, ultimately, what they are looking to achieve from certification, taking into account their wider and longer term growth strategies,” continued Pharro.
To this end, APM Group has outlined the ten steps that a CSP should consider carefully before embarking on the CIF self-certification process:
1.Is certification right?
The first step for any CSP considering certification is to assess whether or not it meets their broader business objectives. The certification question will depend heavily upon the market in which the CSP operates. Those CSPs operating in niche environments with little competition may consider certification to demonstrate corporate values of openness and transparency even though there may not be the need for their services to be differentiated.
2.Sifting and selecting
Certification schemes are many and selecting a certification scheme that will be relevant and credible can be challenging. Depending on the business requirements of the organisation, CIF certification may not be appropriate. In this instance, CSPs should look at the basis for other accreditations. Are they based on existing, well-known standards or are they founded on vague, meaningless terminology?
Expectation that CIF self-certification can be handled like a marketing exercise will most often result in frustration as applications will lack substance, and will likely fail to meet the certification criteria.
Successful applications will require appropriate planning. Certification can be time consuming. Typically the self-certification process has involved a few individuals part time drawing input from operations, finance and marketing as well as any existing internal quality assurance people.
5.Contact APM Group
In the first instance, CSPs are advised to contact APM Group to talk through the scheme requirements before, during and after the self-certification process.
Prior to application, CSPs should examine the precise terms of the certification scheme carefully and gather the documentation provided and take note of any short-comings. The CIF Code of Practice was recently updated to recognise existing certifications against international standards, documentation for which should also be prepared ahead of application.
CSPs should register and pay via the relevant fee according to their annual turnover via the CIF self-certification website https://selfcert.cloudindustryforum.org. Once registered, CSPs should create a public web page to fulfil the transparency requirements for publicly disclosed information.
Once all documentation has been collated and the required Professional Reference obtained, all documents must to be electronically signed. Adobe Acrobat is currently the only package accepted to digitally sign submissions. CSPs can submit their application once all signed documents have been uploaded and all data entry details are complete within the application system.
APM Group will notify CSPs of any shortcomings in their application. Capability areas typically requiring improvement, especially for smaller organisations relate to software license management and environmental impact management. There is also often a need to improve the provision for training and awareness across most capability areas. None of these improvements usually require significant effort, but specific focus is nonetheless needed.
CSPs will be issued the CIF Self-Certification Mark which can be added to their website to publically confirm certification.
“The value of the CIF Code of Practice self-certification lies in the rigour of the certification process. That said, we aim to make the process as clear and transparent as possible, and will assist applicants wherever possible to ease the path to certification,” concluded Pharro.