Pillar 2: Verification

Trust in a cloud service is significantly based on the assurance that the service meets the criteria. Obtaining that assurance is thus the second pillar of the Online Trust Coalition. How can cloud service providers ensure (assure) that a cloud service actually meets the agreements (for example, in terms of quality) of the buyer, end-user, and legislator?

Through independent evidence, which arises from the necessary internal and external controls, we can assert with sufficient certainty that the requirements are met. That’s the essence of the assurance concept


A term that is commonly used when it comes to providing assurance is the concept of ‘assurance,’ as employed by accountants and IT auditors. There is a lot of confusion about the concept of assurance in everyday life. It’s often confused with ‘insurance’. However, concerning cloud services, it’s about providing a reasonable level of assurance that a cloud service meets the specified requirements. Whether a cloud service meets the specified requirements is determined by an independent third party with the appropriate expertise, often referred to as an ‘auditor’. The auditor conducts an examination (referred to as an audit or conformity assessment) to determine if the requirements (referred to as ‘criteria’ in this case) are met.


Want to join the Online Trust Coalition?

Help shape methods for cloud service providers to demonstrate that their services are reliable, secure, and support the customer validation process.