EN中文DESKFRSI

Compliance

Introduction

EuroCloud Europe (ECE) is an independent non-profit organisation that aims to facilitate acceptance of Cloud Services on the European and global market. In order to establish trust in cloud services EuroCloud Europe develops and operates the programme EuroCloud Star Audit (ECSA).

The purpose of the EuroCloud Star Audit certification is to gain transparency and to increase confidence in Cloud Services by the performing neutral audits by vendor independent, accredited auditors according to a defined set of published audit criteria. ECSA is providing several assessment tools for cloud providers, cloud users, consultants and auditors in order to compare, assess or audit cloud services.

Operational Framework

The ECSA directorate of EuroCloud Europe is responsible for the activities of the EuroCloud Star Audit programme. All activities of the directorate are under “non-profit & non- external sponsor” principals.

Non profit: The ECSA program is operated as a financially independent, non commercial unit of EuroCloud Europe. Financial contributions for ECSA services and ECSA membership fees are solely to enable the further development and operation of the ECSA programme, continuous maintenance and further development of the audit catalogue and the operational audit procedures, the accreditation procedures, the performance of accreditations and the issue of ECSA certificates.

The ECSA Programme Director is responsible for the management and further development of the ECSA programme and reports to the board of EuroCloud Europe.  The director is appointed by the ECE board and approved by the ECE council. The ECE board of directors monitor and supervise the ECSA programme performance and the correct execution of the tasks carried out by the ECSA management.

Content Development EuroCloud Europe is the only organisation worldwide that is permitted to continuously improve and develop the ECSA catalogue audit scope, online tools such as the Academy, and assessment. The responsibility for this activity is appointed to the ECSA Directorate supported by the international Advisory Board.

Accreditations are solely and exclusively appointed, terminated or withdrawn by the ECSA Directorate enabled by the board of EuroCloud Europe. No other organisation is permitted to perform this task. Accreditations are only valid if published online on the ECSA website. Complaints can be raised via webform at any time and will be examined by the ECSA director and two members of the board of EuroCloud Europe, who will make a joint decision on whether the complaint is valid.

Certificates are the written proof of the positive results of an ECSA audit process that was performed by an independent Audit organisation and by accredited auditors. They are exclusively issued by EuroCloud Europe.  Certifications are only valid if published online on the ECSA website.

The ECSA-Advisory Board consists of representatives of the ECSA partner organisations, Government or federal offices, Cloud-research organisations, law-firms and other senior cloud experts. The ECSA Advisory board supports the directorate in the continuous improvement and further development of the EuroCloud Star Audit programme to ensure its content remains up to date and continuously matches the high quality standard of EuroCloud Europe.

The Compliance Board consists of two board members of EuroCloud Europe and the ECSA director. This Compliance board monitors the activities of the entire ECSA-ecosystem and will act on complaints regarding compliance related issues. An online form “http://eurocloud-staraudit.eu/home/compliance-form.html” is available for such reports.

Compliance rules

The organisation ECE and the organisational unit “ECSA Directorate” may not offer or perform ECSA audits or ECSA consulting services.

Members of the board of ECE, or of the ECSA directorate, are not allowed to act as ECSA-Auditors (ECSA-AA) or Consultants (ECSA-AC).

EuroCloud country organisations, as members of EuroCloud Europe, are allowed to act as Chapters (ACH) or Embassies (AEB), but they are restricted from being accredited as Audit organisations (AAO), Consulting Organisations (ACO) or Training Organisations (ATO).

If a EuroCloud country organisation is accredited as a chapter organisation, the members of the board of the local EuroCloud organisation are not allowed to act as ECSA-Auditors or Consultants.

EuroCloud Country organisations may offer up to six ECSA related training sessions per year as long as this is not a main part of the organisation’s activities, as long as will not conflict or compete with other local accredited training organisations and as long as accredited trainers perform the training.

An ECSA-Chapter (ACH) is the only partner organisation within the ECSA eco-system that is granted an exclusive right to operate in a specific country or region. Therefore, special monitoring and care for compliance and transparency is required.

In specific cases, exemption to the Compliance Rules may be given by extraordinary authorisation of the ECSA Compliance board. The application for such an exemption has to be in written form and has to include arguments to why a permit should be given. The exemption is given for a restricted period of time.

The person or organisation who is operating under such Exemption rules has to provide information about each assignment immediately it has been started, using the web form. In the case of missing compliance reports or complaints the ECSA Compliance Board will examine the situation and make a joint decision. This might lead to a withdrawal of the exemption and the accreditation.

The contractual appointment or accreditation of any person or organisation to one of the defined ECSA roles is limited to a period of three years but will automatically be extended for a further three years if not cancelled by either party 6 months prior to the contract end.

Partner rules

The ECSA partner programme is an international eco-system based on European quality values for worldwide usage. This means that the ECSA programme is open to all individuals and organisations who want to participate. It is not restricted to EuroCloud country organisations or limited to a geographical region.

Commercial Activities may be performed by accredited ECSA Partners in their assigned country or region of the world. Partners receive the granted the right to promote, execute ECSA audits, consulting and training in their assigned country or region. They are permitted to act as an ECSA-Partner as long as their active accreditation is published on the ECSA website. They are not permitted to mandate other persons, organisations or subsidiaries, parent organisations, branch offices or any other third party organisation or company to act as an ECSA-Partner.

An ECSA Chapter (ACH) is an organisation accredited by EuroCloud Europe to exclusively represent ECSA in the assigned country or region, responsible for promotion, facilitation and quality assurance of ECSA related activities and with direct contractual relations with all local ECSA partners.

The ECSA Chapter is the only partner with an exclusive right to operate and represent ECSA. Therefore, a potential candidate for a Chapter has to prove

  • strong interest in the development of the cloud market
  • balanced and neutral approach to provider and user interest
  • an active, healthy organisation with a good reputation
  • a powerful management structure capable of developing the local ECSA ecosystem and to handle organisational, contractual and legal challenges
  • the capacity to provide the ECSA localisation
  • a strong network to all stakeholders
  • a high reputation in delivering quality assurance
  • a well established relationship with government organisations, political and standardisation bodies.

Preferably the organisation is a non-profit organisation. If the legal entity of the organisation is not non-profit the organisation has to prove that its ECSA related activities are compliant with the above listed selection criteria for a Chapter.

Any organisation that applies for a Chapter accreditation – no matter whether it is a EuroCloud Country organisation or a non EuroCloud organisation - has to prove its capability of accomplishing the mentioned requirements.

The decision as to whether an accreditation will be granted stays exclusively with the ECSA directorate. In the case of several applications for a Chapter accreditation, the candidates will be invited to present their organisation and project plans. Local EuroCloud organisations that are not applying for the chapter accreditation may be invited to express their preferences.

In the case of two candidates for a Chapter contract, one of which is a local EuroCloud Country Organisation, that show similar results in the qualification process, ECE will prefer the local EuroCloud organisation as the local Chapter.