Declare a Service

This is a Declaration of Adherence (“Declaration”) with the Data Protection Code of Conduct for Cloud Infrastructure Service Providers (the “Code”). Unless they are otherwise defined, capitalised terms used in this Declaration will have the meaning given to them in the Code.

Service Declarations and the use of the relevant Trust Mark are subject to CISPE handling fees.

See details

Person Declaring the Service

For communications purposes and should any question arise in relation to your declaration, please include the information of the contact person in charge of the Declaration.

Please add country code

Type of Declaration

For Self-Assessment, a CISP must complete a self-assessment of its service against the Code Requirements and present to the CISPE Secretariat:
• its Declaration of Adherence; and
• a completed Compliance Checklist as set out at Annex B of the Code, and any supporting information.¨


CISPs that follow the Self-Assessment process shall be entitled to have the self-assessed service into the CISPE Public Register as “Candidate to the Code”, for a maximum period of 12 months following the date of incorporation of the Declaration of Adherence into the CISPE Public Register.


For Controlled Adherence, a CISP must first submit the relevant service for Monitoring Body assessment and verification, and present to the Secretariat:
• its Declaration of Adherence;
• a completed Compliance Checklist as set out at Annex B of the Code, and any supporting information; and
• written confirmation from its Monitoring Body that the CISP service adheres to the Code.


Your choice will determine which Compliance Mark the CISP is eligible to use for the Service(s). In each case the supporting evidence must include a completed Compliance Checklist and demonstrate compliance by reference to the Compliance Checklist.

CISP(S) Information and Services covered


Please complete and upload this Spreadsheet template to provide company information and details for all declared services.


This Declaration should be made by an entity which is a seller of record of the Service(s) (the "CISP"). If this Declaration is being made by more than one CISP, for example if the declaring entity provides services through different brand name or CISP subsidiaries, please include details for each CISP below and in the excel declaration. This information will appear on the CISPE Public Register.

Click or drag a file to this area to upload.
Please upload a .xlsx, .ods or .xls file following the provided example.

Compliance Checklist


This Compliance Checklist sets out the requirements that a CISP shall meet in order to comply with the Code. It also provides suggested guidance to CISPs on how compliance with the Code Requirements can be achieved and technical and organisational security practices of Annex A can be implemented.


For clarity, the CISP’s obligation is to comply with the Code Requirements: the columns below setting out expected controls to be applied, and questions for the CISP, are to provide examples for how a CISP could comply and how their compliance could be assessed, but do not replace or change the relevant Code Requirement.


The Compliance Checklist is also intended to ensure a consistent verification approach for all Monitoring Bodies by providing them with (i) the requirements with which compliance with the Code will have to be verified and (ii) the questions/materials or equivalent that should be used to perform an assessment of Code compliance. The Compliance Checklist is not intended to replace or alter the Service Contract between a CISP and a customer.


For your convenience, the Compliance Checklist (“Annex B”) can be downloaded here, as an Excel document.


Please attach the Compliance Checklist and copies of any supporting documentation provided in respect of the Auditable Code Requirements.


Please indicate if supporting documents only apply to specific Services. If you are relying on different supporting documents for different services, you may complete the Compliance Checklist separately for each Service.

Click or drag a file to this area to upload.
Please upload the completed checklist or a .zip file containing it and any supporting documents.

Declaration

By signing below the CISP(s) confirms that:

 

  1. as of the date of this Declaration the Services adhere to the Code Requirements;
  2. if following the Self-Adherent Process, the CISP shall submit the Service for Monitoring Body review within 12 months of incorporation of this Declaration in the CISPE Public Register;
  3. the CISP shall comply with the Monitoring Body review, complaints and enforcement procedures in Section 7(Governance) of the Code; and
  4. if any change to the Service(s) or the Code means a material update to this Declaration is required, then
    1. the CISP must promptly notify the Secretariat, and
    2. cooperate with the Secretariat to update those materials.

The data communicated via this form is collected with your consent and will be sent to Cloud Infrastructure Services Providers in Europe ASBL as a data controller. The data may be sent to processors acting under the strict instructions of Cloud Infrastructure Services Providers in Europe ASBL. When submitting information necessary to declare services, the data is collected for the purposes indicated therein. The data is stored for thirty-six (36) months. Some elements of data handled for management purposes (e.g.: billing) may be stored for a longer period, in compliance with the applicable regulations. You have the ability to lodge a complaint to the relevant supervisory authority. You also have right of access, right to rectification, right to deletion, right to limitation, right to portability, right to opposition on legitimate grounds and right to withdraw consent at Codeofconduct@cispe.cloud.