16. What is the Cloud Industry Forum (CIF) and do you offer information security policies and procedures for helping with CIF compliance?

The Cloud Industry Forum (CIF) is an organization that not only promotes the use of cloud services by businesses, but also advocates the ongoing development of self-certifying Code of Practices for improved transparency and uniformity within the industry itself. It's best to view the CIF as an organization who is championing the use of the cloud, along with various industry leading security safeguards that ultimately provide best practices for cloud safety.

Specifically, the CIF seeks to sustain a credible and certifiable Code of Practice for the Cloud Industry, along with continually encouraing the widespread adoption of the Code of Practice, while also championing the widespread adoption and use of cloud services. Additionally, the CIS aspires to leverage the Code of Practice through international affiliations and partnerships, while also supporting other cloud-based initiatives that complement the CIF's Code of Practices.

The CIF’s Code of Practice, according to http://www.cloudindustryforum.org, is “…for organizations offering to customers remotely hosted IT services of any type.” Other notable elements regarding the Code of Practice are the following:

  • Organizations claiming compliance with the code are to conduct an annual Self-Certification, along with confirming successful results to the CIF.
  • Successful self-certification allows the organization to use the Certification Mark (the ‘logo’) for the following year.
  • A listing of self-certification entities will be posted on the CIF website, at http://www.cloudindustryforum.org.
  • An organization can also opt for an actual Independent Certification performed by an approved CIF entity, ultimately allowing use of the “Independent Certification Mark” for the following year.
  • The CIF will conduct random audit Self-Certification, along with investigating any formal complaints of non-compliance against an organization that is actually claiming compliance.

In summary, the Cloud Industry Forum (CIF) is becoming a relevant and worthy addition to the cloud industry as a whole, due in large part to its comprehensive efforts in promoting the adoption of the cloud itself, along with security safeguards for protection of these services offered by organizations. You can download numerous white papers written by the CIF, along with becoming a member and getting involved. Moreover, self-certification for your cloud services is also available, so learn more today.

Policies and Procedures are Essential for the CIF Code of Practice 

As with almost any type of industry benchmark, standard, and framework, operational, business specific, and information security policies and procedures play big - and growing - role. Maybe the standard itself provides guidance on best practices for policies and procedures, or may it requires they be in place. As for the CIF Code of Practice, documented information security policies and procedures ultimately help organizations meet compliance with self-certification, or even through an independent auditor.

As such, the FLANK21 set of documents containing hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening documents - and more - from FLANK, can be a vital component for ensuring compliance with the CIF Code of Practice.