In order for CIF and the Cloud Service Provider Self-Certification process to remain credible and trusted it needs to have an appropriate governance and enforcement model in place to oversee the development of the Code, undertake random audits of participants' Self-Certification claims, investigate complaints and, where appropriate, withdraw a Self-Certification in the event that participants' claims are proven to be untrue.
To that end CIF will maintain an independent and diverse Governance Board to represent the wider stakeholder communities made up as follows:
- 4 Members from industry vendors
- 3 Members from end-user organisations or User Groups
- 3 Members from independent advisors (academics, IT standards champions, etc).
- 2 Members from IT legal practice
Any 6 Board members and the Chairman represent a Quorum, or 8 Board members excluding the Chairman.
An additional 4 non-voting seats are reserved for representatives of formally recognised partner organisations that are aligned to the Code by specialism (e.g. technology or security standards) or by international focus (extending the reach of the Code).
Board members may stand for re-election after service of two years but must retire after a second term.
The Governance Board is convened bi-monthly to review progress and actions arising, and to ensure the strategic direction of the CIF and the Code of Practice is maintained.