This document discusses key considerations for achieving Restricted (IL3) accreditation for cloud services. It outlines that reviewing solutions against security standards, maintaining current ISO 27001 certification, addressing the OWASP Top Ten risks, and locking down configurations are important. It also recommends keeping support in the UK at Restricted levels, using secure protocols, and considering hosting in a pre-accredited environment. Common issues that can arise include ensuring adequate staff clearances, obtaining key material for approved products, having recent penetration tests, and single vulnerabilities allowing network connections.