What is a cloud certification scheme?
Before buying a cloud service, customers want to know if the service is secure and reliable. But cloud computing services are complex and built up from many different ICT components (cables, large data centers, software, et cetera), so it is hard for individual customers to check all the technical details by themselves. Cloud providers have many customers (this is the main idea of cloud computing) so if all customers would check their security requirements separately, then this would mean double work. If each customer would want to do an on-site audit, for example, there would be long cues at the gates of data centers. Now, the idea of a certification scheme is to check one basic set of security requirements, once for all customers. In this way certification can simplify the procurement of cloud services by customers. Note that certification schemes do not replace the need for customers to do due-dilligence before procuring - certification is one way to simplify the process.
How to use this list?
CCSL gives an overview of different existing certification schemes which could be relevant for cloud computing customers. CCSL also shows which are the main characteristics of each certification scheme. For example, CCSL answers questions like "which are the underlying standards?", "who issues the certifications", "is the cloud service provider audited?", "who audits?", et cetera. CCSL provides links and references to each certification schemes for further reading.
Click on the icons of each certification scheme below, to view the characteristics of each scheme. In the future more certification schemes will be listed. The icons are shown in no particular order.