Many small service providers have seemingly great and good value service offerings, which are mostly cloud-based. Yet, it is often that exactly these small service providers may have limited security awareness, resulting in uncontrolled and unwanted exposure of sensitive data. The European User Group Enterprise & Cloud Data Protection, together with the Cloud Security Alliance are proposing to establish a trusted cloud controls assessment and certification service for such small service providers who may not be in a position to run through a comprehensive CSA STAR L2 or SOC2 certification but still want to be able to offer an acceptable level of assurance to their clients. The intention is to raise security standards for small cloud-based services, establish an industry-standard trusted assurance level, and reduce overall effort spent by service providers and their clients due to multiple and extensive assessments performed for the same service.