Why the ECSA?

Mission

EuroCloud Europe (ECE) aims to facilitate acceptance for Cloud Services on the international market, as well as to support the consumer oriented provision of those services as their needs demand. Therefore, ECE maintains a constant dialogue with the partners of the EuroCloud network and various governmental organisations.
ECE is offering the certification scheme “EuroCloud Star Audit” (ECSA) in order to establish trust in cloud services both on the customer and the user side. The purpose of the ECSA and auditing Cloud Services is to provide an accountable quality rating of Cloud Services.

Vision

Considering the complexity of Cloud Service Provisioning in conjunction with compliance, security and data privacy, it becomes difficult for Customers to gain clarity and transparency about the various offerings. SMEs benefit significantly from the advantages of Cloud Services. As they have less experience in IT outsourcing, contractual clauses, SLA management , protection of sensitive data and data privacy legislation they require high quality, easy to use and appropriate support to perform cloud assessments. Unlike well-known classic IT related certifications such as ISO 27001/27002, ISAE3402 (former SAS70/SOX), the EuroCloud Star Audit takes the Cloud Service itself into the scope within the assessment of all relevant areas to address the key concerns of the customers
The ECSA certificate is a meaningful selection tool for customers who want to use trustworthy cloud services and it reduces the necessity to perform costly individual audits. With the ECSA, EuroCloud Europe delivers a valuable instrument with a high level of transparency and guidance for customers and providers alike.

Value Proposition

The EuroCloud Star Audit (ECSA) is a mature certification scheme, especially designed to asses cloud service. Established since the spring of 2011, EuroCloud evaluates a cloud service against the requirements of the ECSA audit scheme and covers all participants of the specific supply chain of a cloud service. 
The ECSA audit has a non-negotiable mandatory bandwidth of all important areas which include: provider's profile, contract and compliance including data privacy protection against local law, security, operations, environment and technical infrastructure, processes and relevant parts of the application and implementation up to interoperability and data portability. 
If a cloud services matches the ECSA audit criteria the ECSA certificate is granted. Providing there are no changes made within the cloud service profile and assessment areas, the certificate is valid for two years. 
The EuroCloud Star Audit is a joint activity performed by the ECSA eco system partners. As the ECSA has a modular structure and offers three attainment levels levels (indicted by awarded stars) it is not only suitable for large enterprises but can also be achieved by a SME-type of cloud provider.

Challenge

It is a challenge to select the best cloud provider for your needs from among the many offering cloud services in the market. Traditionally for selection of outsourcing partner(s), good selection criteria might include:

  • Long-established reputation for good service,
  • Direct contact with the provider, or often proximity of the provider’s IT facilities to the user’s location.
  • Experience with your industry sector and current IT platforms (software, hardware and infrastructure)

These are less likely to apply in the case of cloud computing whose services are

  • Usually leased, often with some element of the cost scaling up and down with the actual usage;
  • Constructed so as to be location, platform and industry independent.
  • Constantly evolving with new suppliers entering the market.

The way these services are provided is often highly complex and unrelated to the location of user and provider. For example, it may be necessary to check whether the software service of a provider in the same country as the user still has certain facilities (such as the computing and storage capacity) abroad and is thus subject to special data protection and fiscal requirements.

Criteria

The ECSA evaluates Cloud Services according to a set and published catalogue of criteria. The result of this audit process shows the respective level of service.

The certification procedure is based on best practices and provides answers to the main questions managers are likely to ask when looking for a suitable cloud service provider. Unlike purely security or data protection audits, it covers the whole range of cloud service functions and validates compliance with the requirements in clearly understandable terms.

Service providers with the EuroCloud seal of approval can demonstrate that they meet all relevant criteria, as confirmed on the basis of EuroCloud’s meticulous audit procedure.

Find out more about the ECSA catalogue in section:
PUBLICATIONS

Classification

Similar to the well-known hotel classification, the product is assigned “EuroCloud stars” from * up to *****In addition, the use of the respective EuroCloud Star Audit logo is licensed. This serves as an instant point of orientation for the potential customer.

Eco-system

EuroCloud Europe is building a world-wide eco-system of partners. Find out more about the ECSA Partner model:
PARTNER