Version 2.0 of the CloudCode was released on 24 July 2013. See the changes here.
The CloudCode is a voluntary disclosure-based Code of Practice that has been developed to improve the standard of services being provided by Cloud Service Providers. It also provides Cloud Service Consumers with the ability to view and compare disclosure statements from Cloud Service Providers and make informed choices when considering a Cloud Service Provider.
There are two core commitments that all Signatories to the CloudCode make and a set of Disclosures that are at its core:
For the purpose of the CloudCode, Cloud Computing is defined as:
“On-demand scalable resources such as networks, servers and applications which are provided as a service, are accessible by the end user and can be rapidly provisioned and released with minimal effort or service provider interaction.”
This might include Software-as-a-Service, Infrastructure-as-a-Service, Platform-as-a-Service, or any variant that fits within this definition, and includes both public and private Cloud implementations. Products or services that don't strictly meet this definition but meet the spirit of the definition may be approved on a case-by-case basis. The definition is a simplified version of the full NIST definition to ensure it is both easy to understand and globally relevant.
The CloudCode document outlines these disclosures in detail, to ensure all CloudCode signatories meet the same obligations. Disclosures are in the following categories:
Disclosures are comprehensive but not overly burdensome on providers.
The CloudCode applies to businesses who offer remotely hosted IT services of any type, either within a country that has adopted the CloudCode or from a country that has adopted the CloudCode, that meet the definition of Cloud Computing above.
Products and services which meet the definition in spirit and are generally considered a Cloud offering, but are precluded due to an arbitrary matter related to the definition, will be considered by the CloudCode team on a case by case basis.
The CloudCode is a voluntary code of practice and by becoming a signatory, a service provider represents to the public that they comply with the CloudCode’s requirements.
The CloudCode does not in any way place legal obligations on signatories to the Code, however non compliance with the code by a signatory could result in liability under general law (e.g. for misleading and deceptive conduct, an offence under fair trading legislation in most countries).
The CloudCode document provides a full Complaints process.
The CloudCode complaints process is for consumers, companies and service providers who believe that a statement made by a CloudCode Signatory in their Disclosure Document is untrue or not accurate. The Register acts on complaints received, however the CloudCode Register itself may act as a Complainant if the CloudCode team suspects that a statement in a Disclosure Document is inaccurate.
This process is not intended for the following situations:
Any complaints of the above nature received will be referred back to the complainant.
You can view for more information about the CloudCode complaints procedure here.
The CloudCode is currently available for:
We are currently working with several groups to implement the CloudCode in other regions and countries and it is likely the CloudCode will be available elsewhere soon. If you would like more information on how the CloudCode can be adopted in your region, please contact us.