The final step in gaining trust in cloud services is being accountable to stakeholders regarding how the criteria (pillar 1) are met and proving their effectiveness through a conformity assessment (pillar 2). The communication regarding the outcomes of the performed conformity assessment on the accountability of measures can take various forms, depending on the information needs of the (group of) stakeholders This can range from a stamp or certificate to a detailed audit report. Each form of communication provides an associated level of detail and, depending on the nature of the conformity assessment, a level of assurance. The level of assurance often depends on the quality of the criteria used, the conformity assessment method applied, and the expertise of the assessor conducting the assessment. The choice of communication format will depend on the interests of the users, the rules associated with the chosen conformity method, and the applicable regulations.
Standards, guidelines, and best practices also define the rules and procedures on how to handle established communication, such as certificates and audit reports, including aspects like validity, dissemination, etc.
