Five Steps to the Ö-Cloud Quality Seal
Providers of cloud services in Austria receive the Ö-Cloud quality seal after successfully completing the self-assessment process hosted by the Ö-Cloud initiative. The path to the quality seal is clearly structured and transparent for all involved parties, and the full result of every self-assessment resulting in issuance of the Ö-Cloud quality seal is published.
1. Initial information
Providers can find all relevant information on the Ö-Cloud initiative on the website digitalaustria.gv.at.
Downloading the Ö-Cloud documentation
Please download the current documentation on the StarAudit catalogue via the download interface (menu item “Download”)
You need only provide an email address to which you want the documentation sent. Use the code “9888-9888-9888”. All documentation is provided free of charge. You will receive an email from the Brainloop secure data room containing download links to the following documents (with watermarks):
- EuroCloud StarAudit catalogue – full German version
- EuroCloud StarAudit catalogue – full German version
- EuroCloud StarAudit Control Mapping FULL
- Instructions for using the StarAudit tool
Verifying the Ö-Cloud controls
Please refer to the document “StarAudit Control Mapping FULL” to determine which controls in the StarAudit catalogue are relevant for the Ö-Cloud quality seal. Using the full catalogue and the Control Mapping, you can decide whether you want to apply for the Ö-Cloud quality seal.
2. Registration
Please fill out the online registration form under menu item 2 "Registration" to receive detailed information about the next steps in the process.
3. Self-Evaluation
Perform the online self-eassessment compiled according to international standards (StarAudit). The control catalogue comprises around 135 criteria relating to provider transparency, security, data centre operation, operative processes, applications like IaaS, PaaS, SaaS, contractual terms, and compliance with the GDPR.
Familiarising yourself with the Self-Assessment Tool
Register as a new user in the StarAudit Self-Assessment Tool and familiarise yourself with its easy-to-use interface using the instructions received with the other documents from the secure data room. The tool is free to use for as many users as you wish. You can find it under menu item 3 "Evaluation".
Attention:
The field “Name of the cloud service” must contain the unique and clearly specified name of a single cloud service, not several services. Each individual cloud service requires a separate application.
The field “Short service description” must contain a clearly understandable description of the specified service; no descriptions of multiple services, no marketing texts, and no company descriptions.
The Ö-Cloud quality seal is a seal awarded to a specific cloud service offered by a cloud provider (like every other cloud certificate). Therefore, the application documents must refer to a single cloud service only, and every further service to be awarded the seal requires a separate application and Assessment Report according to its specific features. The information in the controls (Areas 1 to 7) must apply explicitly to the specified service. A reference to a specific website that is explicitly related to the cloud service (not the standard corporate website) must also be provided in the application.
Issuance of the quality seal certificate (issued by EuroCloud Austria with support by the BMDW) and publication of the full Assessment Report online (all of the submitter’s answers to all control questions) generates an explicit obligation (e.g. for procurement by cloud customers) for the certified cloud service to be delivered in accordance with the parameters specified by the cloud provider in the Assessment Report.
The Ö-Cloud quality seal applies exclusively to pure cloud services and cannot be awarded to managed services. Similarly, the Ö-Cloud quality seal cannot be awarded to services operated on premise by customers.
Performing the self-assessment
Create an Ö-Cloud project in the StarAudit Self-Assessment Tool. Add the Ö-Cloud criteria catalogue and provide information for all controls in the individual sections. It is recommended to save your work periodically and complete the Template for each section. These Templates can be changed and edited later.
4. Submission
Create an Ö-Cloud self-assessment using the Assessment Tool. When you have finished your work on all the necessary controls (no controls marked with a red “x” remaining), you may print your final report as a PDF and submit it together with a commercial register excerpt to receive the Ö-Cloud quality seal. This can be done under menu item 4 “Submission”.
Receiving the quality seal
The verification and review of your submitted documents will generally be completed within one month. If the review of your self-assessment delivers a positive result, you will receive the official quality seal document and the quality seal logo of the Ö-Cloud initiative electronically. The quality seal is valid for 1 year and can subsequently be renewed. In case of a negative result of the review (rejection of the submission documents), a new and improved submission may be made at any time. Previous submissions cannot be updated or adapted via email, however.
5. Publication
The quality seal is valid as of the time of its publication on the EuroCloud website. From this point on, the respective provider may display the official Ö-Cloud quality seal and use it in its communication. The seal is valid for one year, after which the self-assessment process must be repeated.
Principles
Transparency
The Ö-Cloud quality seal is published transparently with regard to its scope and contents, and is thus publicly accessible. This applies to the requirements themselves (control catalogue) as well as to the results of every assessment (quality seal documentation or certificate contents and result).
Layer Model
The Ö-Cloud quality seal (self-assessment) is based on a layer model. This is designed to provide easy initial access and facilitate achievement of higher-level seals or certificates building on the successful obtainment of the Ö-Cloud quality seal. Further international certification models (BSI, ISO, Trusted Cloud, StarAudit) may be integrated at any time using a compatibility matrix.
Compatibility
The Ö-Cloud quality seal is compatible with other existing Austrian quality seals as well as internationally available quality seals and certification systems. This is intended to reduce the effort required to obtain additional quality seals and certificates.
Publicity
Every Ö-Cloud quality seal is published together with the full self-assessment report and is publicy accessible online. This transparency increases trust in the quality and significance of the Ö-Cloud quality seal.
Accessibility
The Ö-Cloud quality seal is accessible to every cloud provider regardless of company size and location. The goal is to prevent or minimize barriers to access. A further explicit aim is to allow Austrian SMEs offering cloud services a simple and inexpensive opportunity to access a qualitative quality seal and certification framework by way of the Ö-Cloud system.
Availability
The Ö-Cloud quality seal is digitally supported by way of tools and processes available online. This means that the first Ö-Cloud quality seals can be issued in summer 2021.