The 2012 Communication "Unleashing the Potential of Cloud Computing in Europe" included an action for certification. Therefore, within the Cloud Select Industry Group (C-SIG) the subgroup on Certification Schemes (SIG-Cert) was established with support from the European Union Network and Information Security Agency (ENISA).
Together SIG-Cert and the European Union Agency for Network and Information Security (ENISA) delivered a list of (voluntary) certification schemes for the cloud (CCSL) to give potential cloud customers more transparency about certification schemes and how they relate to the cloud.
As an extension of the CCSL, SIG-Cert and ENISA also delivered the Cloud Certification Schemes Metaframework (CCSM) in order to facilitate the use of existing certification schemes during procurement of cloud services. It provides a neutral, high-level mapping of potential customers' security requirements to security objectives in existing cloud certification schemes.
Information security and certification of cloud computing services are still barriers to the use of cloud computing services in Europe according to the 2014 Eurostat report and the 2015 EU28 Cloud Security Conference.
This C-SIG on Certification Schemes is open for participation by interested stakeholders in the field of cloud computing. Currently the group consists of members of more than 30 organisations in the field of cloud computing and certification.
The group started its work and amongst others delivered a list of existing cloud relevant certification schemes in the field of security and data protection, and a set of important principles and recommendations on cloud certification.
These intermediary results were validated with the support of ENISA.
After discussing with the group, ENISA published the list of cloud relevant security certification schemes , thereby completing the work on the key action on cloud computing certification of the European Cloud Computing Strategy.
The list of cloud relevant security certification schemes was finalised by ENISA and the Metaframework of cloud security certification schemes was launched by ENISA.
The list of cloud relevant security certification schemes is published on ENISA's website.
If you are interested in shaping the EU's policy on cloud computing certification and your organisation is able to actively contribute to the work of the C-SIG working group, you are invited to join and participate in its work.
Please contact: Mr Mark Smitham