Membership
Become a Member
Enterprises
Solution Providers
Startups
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
About Circle
Create an Account
Login to Circle
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

Certificate of Cloud Auditing Knowledge

The industry's first global cloud auditing credential.

Learn More
Education Home
View Upcoming Classes
Enterprise Training
CCSK Exam
Resources
Home
Education
CCAK

Certificate of Cloud Auditing Knowledge

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program will fill the gap in the market for technical education for cloud IT auditing.

This credential leverages CSA’s cloud expertise and ISACA’s traditional audit expertise, combining our know-how and expertise to develop and deliver the best possible solution for cloud auditing education. CCAK benefits both CSA and ISACA members and certification holders as it builds on the body of knowledge covered in CSA’s Certificate of Cloud Security Knowledge (CCSK) and complement’s ISACA’s ANSI accredited certifications such as CISA, CISM, CRISC and CGEIT.

Keep me updated on the CCAK exam availability

How is this certification program different from other IT audit certification programs?

Traditional IT audit education and certification programs have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances.

An audited organization using cloud computing will have a very different approach to satisfying control objectives. A cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional that is grounded in traditional IT audit practices.

Credentials the CCAK Complements

The CCAK complements and enhances the skills and knowledge in the following credentials:

Who should earn the CCAK?

Training & Exam Coming Soon

Want to know when the CCAK exam and training becomes available? Fill out this form and you will be the first to learn about the exam and courses as they become available.

CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

What will you learn when you earn the CCAK?

Since the CCAK assumes a working knowledge of cloud security best practices, we strongly recommend that you earn your Certificate of Cloud Security Knowledge (CCSK) before pursuing the CCAK.

  • Assessment: Understand the difference in assessing and auditing cloud environments versus traditional IT infrastructure & services.
  • Evaluation: Discover how to use cloud security assessment methods and techniques to evaluate a cloud service prior to and during the provision of the service.
  • Governance: Learn how existing governance policies and frameworks are affected by the introduction of cloud into the ecosystem.
  • Compliance: Understand the unique requirements of compliance in the cloud due to shared responsibility between cloud providers andcustomers.
  • Internal Security: Learn how to use a cloud-specific security controls framework to ensure security within your organization.
  • Continuous Monitoring: Architect in a way that allows you to measure control effectiveness through metrics and ultimately leads to continuous monitoring.

Study Resources

Body of Knowledge
(Coming Soon)

This document is the main body of knowledge for the CCAK exam. It provides a common baseline of expertise and a shared nomenclature. Among other topics, it covers governance, risk management, compliance, and vendor/supply chain management.

Other Study Materials

CCM Auditing Guidelines (Coming Soon)
Cloud Controls Matrix (CCM)
Consensus Assessments Initiative Questionnaire (CAIQ)
Security, Trust, Assurance & Risk (STAR)
Top Threats to Cloud Computing Deep Dive

Industry Support

As former head of cyber risk for a global bank, I consider this new material essential knowledge for risk and control practitioners. CCAK provides the basis for a playbook for how to audit cloud environments and promises to be the shortest path to take a competent IT auditor and pivot them to cloud. CCAK not only provides a blueprint for how to think about risk and control in a cloud context, but empowers with practical advice for successful cloud audits. As co-author, my hope is that CCAK holders will differentiate themselves from their peers by demonstrating informed understanding to properly assess cloud risk and control issues.

Craig Balding
Founder www.resilientsecurity.co.uk

IT and security individuals, at any stage of their career, can possess the knowledge on how to apply a risk-based approach to the audit lifecycle process. Prepare for the techniques and gain the visibility into the mindset of risk and control stakeholders, customers, internal and/or external auditors, cloud service providers (CSP) and third-party service providers to better stand out during your engagements.

John Guckian
Cybersecurity Architect

As someone who maintains double-digit CPA licenses, CISSP, CIPP, and ISO 27001 lead auditor as well as one of the first CCSKs, there is no other certification that takes an applied approach of auditing to very specific and technical subject matter.

Doug Barbin
Principal and Cybersecurity Leader at Schellman & Company, LLC

Auditors are usually good at understanding the high level risks but lack knowledge in the technical details. In CCAK we manage to bridge the gap between the two. CCAK professionals will understand both the risk management consideration along with the details of the cloud newly formed attack vectors and solutions.

Moshe Ferber
CCSK & CCAK Instructor, Cyber Entrepreneur, Board Member and Lecturer, Online Cloud Sec

Supporting Organizations

The International Systems Security Association (ISSA) , a nonprofit organization for the cyber professional community has also agreed to collaborate on the CCAK with the goal of both supporting and strengthening the cybersecurity profession.