Download Publication

AI Consensus Assessments Initiative Questionnaire (AI-CAIQ) v1.0.2
Release Date: 10/16/2025
The AI Consensus Assessment Initiative Questionnaire (AI-CAIQ) is an extension of the Cloud Security Alliance’s widely adopted CAIQ, designed specifically for AI systems.
The AI-CAIQ (AI Consensus Assessment Initiative Questionnaire) is a structured framework designed to help organizations self-assess and validate their adherence to AI-specific controls across critical domains such as governance, security, privacy, and operational resilience. It includes:
- Control Specifications: e.g., "Establish audit policies," "Implement model integrity checks".
- Self-Assessment Questions: Actionable inquiries to evaluate compliance with each control (e.g., "Are audit policies reviewed annually?").
- Taxonomy: Classifies AI lifecycle stages (e.g., development, deployment) and asset categories (e.g., data, models).
- Justification Questions: Section for justifying and providing evidence for your answers to the self-assessment.
This tool enables organizations to systematically identify gaps, mitigate AI-related risks, and demonstrate accountability in line with the CSA AI Controls framework.
Download this Resource
Prefer to access this resource without an account? Download it now.
Related Resources
Acknowledgements

Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC
Michael Roza is a seasoned risk, audit, control and compliance, and cybersecurity professional with over 20 years of experience across multinational enterprises and startups. As a Cloud Security Alliance (CSA) Research member for over 10 years, he has led and contributed to more than 140 CSA projects spanning Zero Trust, AI, IoT, Top Threats, DecSecOps, Cloud Key Management, Cloud Control Matrix, and many others.
He has co-chaired...
Are you a research volunteer? Request to have your profile displayed on the website here.
Related Certificates & Training

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage information from CSA's vendor-neutral research to keep data secure on the cloud.
Learn more
Learn more