Mission
The mission of the Online Trust Coalition is to achieve and maintain trust in cloud services Through public-private collaboration, we strive for a unified, standardized, and harmonized approach. This enables providers to demonstrate reliability while allowing consumers to easily ascertain its presence.
Strategy
We execute our mission by embedding Dutch solutions within European policies concerning Cloud and cybersecurity. etherlands leverages its leadership in auditing, assurance, and accounting traditions as part of this endeavor. The OTC opts for a broad multi-stakeholder approach, encouraging coalition partners to actively engage with the action points and outcomes themselves. The OTC doesn’t position itself as a formal advisory body but aims to create breakthroughs through the practical application of solutions and the exchange of facts, figures, and substantive arguments with all relevant stakeholders in the Netherlands and the EU. The OTC also bears the responsibility of ensuring that Dutch initiatives remain aligned with developments within the EU.
Vision
The vision of the OTC is based on three pillars:
Criteria, Verification, and Communication. A reliable Cloud necessitates cloud services demonstrably meeting the requirements set by us as users and as a society. These
criteria are established in the form of regulation (such as at the EU level: NIS2, Data Act, Data Services Act, EUCS, etc.), supported by standards (for example, ISO 27001 and ISO 27701) or self-regulation.
Verification by independent auditors of the effectiveness of measures taken by the organization provides sufficient assurance that the organization complies with the established criteria. Hence, verification is a crucial building block for earning the trust of stakeholders That’s the essence of the assurance concept In the
communication of outcomes
, such as in the form of audit reports or certificates, cloud service providers demonstrate, in a harmonized and understandable manner for stakeholders, that their services are sufficiently reliable.
The OTC has achieved its mission when the following has become a reality:
Pillar 1: Criteria
Businesses have practical solutions enabling them to comply with mandatory, standardized, and recognized frameworks of norms.
Pillar 2: Verification
Within the EU, there are accepted methods enabling independent and expert auditors to conduct audits on cloud services, ensuring the quality and effective operation of management and security measures. These methods also address the chain issues associated with the set of services required to deliver the cloud service. Regulators, providers, and consumers accept these methods as guarantees for reliable cloud services.
Pillar 3: Communication
There are one or a few (new) reporting standards for cloud services across the EU that provide stakeholders with the desired clarity on pillars 1 and 2. These stakeholders actively request reports based on these standards. In addition, the ‘right to audit’ will predominantly be translated and used as: gaining access to these reports.
