Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
CxO Initiative
Contact Us
Current Business Members
Cloud Customers
Cloud Solution Providers
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups

Certificate of Cloud Auditing Knowledge

The industry's first global cloud auditing credential.

Prepare for the ExamQualify for Special Pricing
Education Home
View Upcoming Classes
Enterprise Training
CCSK Exam
Resources
Home
Education
CCAK

Certificate of Cloud Auditing Knowledge

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing.

This credential leverages CSA’s cloud expertise and ISACA’s traditional audit expertise, combining our know-how and expertise to develop and deliver the best possible solution for cloud auditing education. CCAK benefits both CSA and ISACA members and certification holders as it builds on the body of knowledge covered in CSA’s Certificate of Cloud Security Knowledge (CCSK) and complement’s ISACA’s ANSI accredited certifications such as CISA, CISM, CRISC and CGEIT.

How is this certification program different from other IT audit certification programs?

An audited organization using cloud computing will have a very different approach to satisfying control objectives. A cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional that is grounded in traditional IT audit practices.

Credentials the CCAK Complements

The CCAK complements and enhances the skills and knowledge in the following credentials:

Who should earn the CCAK?

How to Prepare for the CCAK Exam

The CCAK is an online, proctored exam that contains 76 multiple choice questions. The exam is two hours and the passing score is 70%. Purchasing the exam provides you with one test attempt, which you will have one year to use.
There are no prerequisites to take the CCAK exam. Prior experience in IT audit, security, risk or cloud computing is essential to pass the CCAK exam. CCAK complements and enhances the knowledge of CCSK certificate holders.
Learn how these two certificates complement each other.
Option 1

Study on Your Own

Official Study Guide

The official study guide is broken into nine chapters containing all the information you will be tested on in the exam.

Buy Now

*ISACA's website will be down for site maintenance September 8th - 14th.

CCAK Questions and Answers Collection

After reading the study guide, you can test your knowledge with this database of over 200 sample exam questions. Each question includes a brief explanation of the answer choices, allowing you to fully understand the rationale behind each correct—and incorrect—answer.

Buy Now

*ISACA's website will be down for site maintenance September 8th - 14th.

See if you qualify for a discount

CSA Corporate Members receive discounts on all CCAK materials. Contact us for member pricing.

Option 2

Enroll in Training

Delve into cloud auditing by enrolling in a training program. You will cover the topics you need to know for the exam, as well as receive a more detailed explanation and examples for how to apply that knowledge in your job. The CCAK training will not only ensure that you understand the material, but also provide you with the opportunity to ask clarifying questions and develop a fuller understanding of the material.

Class Formats:

See if you qualify for a discount

CSA Corporate Members receive discounts on all CCAK materials. Contact us for member pricing.

Ready to Take the Exam?

Buy Exam

See if you qualify for a discount

CSA Corporate Members receive discounts on all CCAK materials. Contact us for member pricing.

What will you learn when you earn the CCAK?

  • Assessment: Understand the difference in assessing and auditing cloud environments versus traditional IT infrastructure & services.
  • Evaluation: Discover how to use cloud security assessment methods and techniques to evaluate a cloud service prior to and during the provision of the service.
  • Governance: Learn how existing governance policies and frameworks are affected by the introduction of cloud into the ecosystem.
  • Compliance: Understand the unique requirements of compliance in the cloud due to shared responsibility between cloud providers andcustomers.
  • Internal Security: Learn how to use a cloud-specific security controls framework to ensure security within your organization.
  • Continuous Monitoring: Architect in a way that allows you to measure control effectiveness through metrics and ultimately leads to continuous monitoring.

Earn the CCSK before pursuing the CCAK.

There are no prerequisites to take the CCAK exam. However, since the CCAK assumes you have a working knowledge of cloud security best practices, we advise that you earn the Certificate of Cloud Security Knowledge (CCSK) before pursuing the CCAK. That said, the CCSK is not a prerequisite to the CCAK and individuals can earn their CCAK without earning the CCSK first.

The CCAK and CCSK are complementary certificates:

  • The CCSK provides the knowledge that enables an expert to secure cloud systems. It demonstrates the necessary understanding of cloud terminology, security and governance.
  • The CCAK then expands on that knowledge, by focusing on how to assess that a cloud system has been set up securely according to the best practices covered in the CCSK.

Additional Study Materials

The following resources are frequently referenced in the CCAK study guide and training materials. You can download all of the CSA materials referenced in the CCAK exam below.

Download Related Materials

CCM Auditing Guidelines (Coming Soon)
Cloud Controls Matrix (CCM)
Consensus Assessments Initiative Questionnaire (CAIQ)
Security, Trust, Assurance & Risk (STAR)
Top Threats to Cloud Computing Deep Dive

Find out if you or your team are eligible for a discount.

CSA values the contributions of its global community and offers many ways to qualify for discounts on CCAK preparation materials, training and the exam. Complete the form below to learn more about how you might qualify for special pricing.

I am interested in:

Industry Support

As former head of cyber risk for a global bank, I consider this new material essential knowledge for risk and control practitioners. CCAK provides the basis for a playbook for how to audit cloud environments and promises to be the shortest path to take a competent IT auditor and pivot them to cloud. CCAK not only provides a blueprint for how to think about risk and control in a cloud context, but empowers with practical advice for successful cloud audits. As co-author, my hope is that CCAK holders will differentiate themselves from their peers by demonstrating informed understanding to properly assess cloud risk and control issues.

Craig Balding
Founder www.resilientsecurity.co.uk

IT and security individuals, at any stage of their career, can possess the knowledge on how to apply a risk-based approach to the audit lifecycle process. Prepare for the techniques and gain the visibility into the mindset of risk and control stakeholders, customers, internal and/or external auditors, cloud service providers (CSP) and third-party service providers to better stand out during your engagements.

John Guckian
Cybersecurity Architect

As someone who maintains double-digit CPA licenses, CISSP, CIPP, and ISO 27001 lead auditor as well as one of the first CCSKs, there is no other certification that takes an applied approach of auditing to very specific and technical subject matter.

Doug Barbin
Principal and Cybersecurity Leader at Schellman & Company, LLC

Auditors are usually good at understanding the high level risks but lack knowledge in the technical details. In CCAK we manage to bridge the gap between the two. CCAK professionals will understand both the risk management consideration along with the details of the cloud newly formed attack vectors and solutions.

Moshe Ferber
CCSK & CCAK Instructor, Cyber Entrepreneur, Board Member and Lecturer, Online Cloud Sec

Supporting Organizations

The International Systems Security Association (ISSA) , a nonprofit organization for the cyber professional community has also agreed to collaborate on the CCAK with the goal of both supporting and strengthening the cybersecurity profession.