Code of Practice for Cloud Service Providers | Cloud industry forum

Code of Practice for Cloud Service Providers

In September 2017 the Cloud Industry Forum announced an update to the Code of Practice to incorporate key components of the General Data Protection Regulation (GDPR).  

Whilst the GDPR additions to the Code cannot ensure complete compliance to the Regulation they will offer both providers and customers much greater confidence that they are proceeding appropriately towards GDPR.

More information on the GDPR is available from the ICO website.


The purpose of the Code of Practice for Cloud Service Providers ("Code") is to bring greater transparency and trust to doing business in the cloud. 

Code of Practice certified cloud service providers have declared and committed to providing good quality services that adhere to the guidelines and best practices set out in the COP. 

The COP is a comprehensive framework that enables service providers to benchmark their operations against standards developed by their peers and in many ways is a checklist for best practice in the provision of cloud services.  

The COP covers a broad range of areas and disciplines but focuses on TRANSPARENCY, CAPABILITY & ACCOUNTABILITY

For Consumers of Cloud Services

  • Increased confidence when using certified service providers
  • Additional reference point when selecting service or technology providers
  • Continued enhancement and evolution of the  COP to ensure relevance and quality


For Cloud Service providers

  • Credible and recognised certification declaring operational best practice
  • Use the COP as a blue print for service development
  • Help promote your services via COP awareness
  • Highlight service quality in the market
  • PR & News activity related to certification

Become a Registered Supplier

Cloud Service Providers can begin their journey to Certification by becoming a Registered Supplier. This acts as a stepping stone to Certification and is free to enter, but providers may not describe themselves as Certified or use the CIF Certified logo. Once registered, providers have 12 months to complete their Certification.

Certification types

CIF Certified The Certified Mark identifies an organisation that has Self Certified to the Cloud Service Provider Code of Practice and the public declarations are accessible on the suppliers website and the CIF website Register of Certified Organisation.



The Certified+ Mark is a higher level mark that identifies an organisation that has been independently assessed by an Accredited Assessor as being compliant with the Code of Practice. The public declarations will be visible on both the Suppliers own website and the CIF website register of Certified organisations.