Secure Your Business


A certification project acc. to ISO/IEC TR 20000-9, a Standard for Cloud Services, builds on a
certified IT Service Management System acc. to ISO 20000-1.



Service quality and availability of cloud services are made visible to customers by a recognized ISO Certificate. Therefore, the Cloud Standard ISO/IEC TR 20000-9 can be implemented and certified in combination with the Base Standard ISO/IEC 20000-1 for IT Service Management. Thanks to federal accreditation of CIS for ISO/IEC TR 20000-9, certification acc. to this Cloud Standard, which is based on system certification acc. to ISO 20000-1 and is recognized on a

national and international scale, is possible. In this respect, the scope

of ISO/IEC TR 20000-9 within an organization also corresponds to that of an IT Service Management System acc. to ISO 20000-1. CIS issues a Certificate acc. to ISO/IEC TR 20000-9, which is valid on an international scale, as independent evidence of service quality and availability of the cloud services certified. Cloud services can be certified acc. to ISO/IEC TR 20000-9 in the course of the annual Surveillance Audits acc. to ISO 20000-1 or, independently from this, at any other moment. The project process can be broken down into three phases, the implementation phase, the certification phase and the recertification phase.


Information: An initial interview with CIS furnishes details about the certification process.
This is followed by registration and project planning.


Analysis: Evaluation of the individual requirements and assessment of measures existing within the company. CIS as an independent Certification Body is not involved.


Implementation: Establishing measures according to the requirements ISO/IEC TR 20000-9 places on business continuity. CIS as an independent Certification Body is not involved.


CIS Stage Review (voluntary preliminary review): Upon request, CIS will, in the course of the project, review the usefulness of the system elements implemented. The audit report provides a strength / weakness profile.


CIS System & Risk Review (preliminary review): CIS reviews implementation of the requirements placed by the Standard as well as documentation. Deficiencies and opportunities for improvement will be laid down in a short report. This preliminary review serves as a “general rehearsal” before the Certification Audit.

CIS Certification Audit: The CIS Auditor reviews the IT Service Management System supplemented by cloud aspects by making multiple samples on different levels of the organization. The audit report shows opportunities for improvement.


CIS Licence: By obtaining the “Certificate Issuance & Right to Use Licence”, you obtain the CIS Certificate acc. to ISO/IEC TR 20000-9, which makes the high quality level of the cloud services visible to your customers and will be valid for three years.


CIS Surveillance Audit: The Surveillance Audit, which is conducted once a year, reviews effectiveness of the overall management system as well as continual improvement.


CIS Recertification Audit: After 3 years, the Certificate, which has expired, can be renewed.


CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com