Jump to Navigation



During the duration of A4Cloud, a core activity was related to engaging with relevant standardization bodies and actively influencing the initiatives related to the project’s areas of interest namely Service Level Agreements, Assessment and Certification, Risk Management and Privacy Impact Assessment. The role of standards and best practices in A4Cloud can be seen in the following figure where (i) standards contributed to shape the project’s technical activities (Red arrow), and also (ii) technical contributions developed by A4Cloud were contributed to strategic standards based on a well-structured approach (Blue arrow).


The relationship between A4Cloud’s areas of interest and contributed standards/best practices is shown in the following table:

Overall, the project contributed to 15 standardisation/best practices initiatives including ISO/IEC, NIST, ETSI and CSA.

Area of interest

A4Cloud contribution

Standard/Best practice being contributed

Service Level Agreements

Linking to evidence.

Accountability policy representation (A-PPL).

Terminology, cloud SLA management.

Accountability SLO’s.

CSA Privacy Level Agreements

ISO/IEC 19086 Part I “Cloud computing – Service Level Agreement (SLA) Framework and Terminology”

ISO/IEC 19086 Part IV “Cloud computing – Service Level Agreement (SLA) Security and Privacy”

Assessment and Certification

Accountability Maturity Model.

Accountability metrics.

Continuous (risk) monitoring.

CSA Open Certification Framework

ISO/IEC 19086 Part II “Cloud computing – Service Level Agreement (SLA) Metrics”

Risk Management

Contributions to the risk model.

Risk management/assessment.

NIST 800-173.

Privacy Impact assessment (PIA)

PIA and the accountability dimension.

Synergies with DPIAT.

Enable external auditing.

ISO/IEC 29134 “Privacy impact assessment   – Methodology”.