TÜV Rheinland Certified Cloud Service

 

Name of the programme: Certified Cloud Service

Governing of the standard: TÜV Rheinland

Accreditation Body/Bodies: Self-accredited

Scope: Data security, data privacy, trustworthiness, transparency and quality

Cloud-relevance: Cloud specific

Type of certifiable organisation: Any – SaaS, PaaS, IaaS

Type of trust models applicable: Third party assessment with certification

Is the certification proprietary or open: Proprietary

Programme, status (operational, in development): Operational

The following text is based on information received from TÜV Rheinland:
 
Certified Cloud Service is TÜV Rheinland's certification for cloud services of any kind and any operation model. Trustworthiness, transparency and quality are the key criteria in a company's search for a cloud service - whether it wants to use infrastructure as a service, platform as a service or software as a service, one of the greatest issues for potential customers is the security of their corporate data.
 
TÜV Rheinland experts have developed the "Certified Cloud Service" certificate based on the most essential information security standards such as ISO 27001 basic protection standards issued by the German Federal Office for Information Technology and ITIL®.
 
Their experts have developed an extensive catalogue of requirements and criteria for cloud services, to cover the respective requirements of the different cloud models. The requirements catalogue is based on standards, studies and on selected regulations and recommendations.
 
The auditing procedure for Cloud Service certification combines a variety of methods:
 
Analysis of concepts and processes, used in various fields – including hypervisor, virtualization of data centers, systems, access concepts, networks, system interfaces, administrative processes, services, processes and compliance.
 
Audit interviews to check how far the requirements have been implemented and check the quality and sustainability of processes.
 
Checking adherence to performance pledges in contracts and SLAs.
 
Stress test of the cloud service architecture.
 
Use of penetration tests in technical detail checks to identify possible safety gaps.
 
The procedure draws up a retractable and authoritative statement of the pledges of quality and performance – precisely tailored for the cloud. Transparent for customers and interested parties, and available in TÜV Rheinland certipedia database.
 
Once acquired, cloud certification is valid for three year and can subsequently be renewed. During this time TÜV Rheinland keeps a regular check on the validity of the quality evidenced in the certificate.
Side Menu Category: