Certificate of Cloud Auditing Knowledge

The industry's first global cloud auditing credential.

The Certificate of Cloud Auditing Knowledge (CCAK) is a credential that industry professionals can obtain to demonstrate their expertise in understanding the essential principles of auditing cloud computing systems. The CCAK is being developed by the Cloud Security Alliance, the global leader in cloud security best practices and will be available in Q3 2020.

Filling the Skills Gap

Why is the Cloud Security Alliance developing the Certificate of Cloud Auditing Knowledge?

Cloud computing represents a radical departure from legacy IT in virtually every respect. The new technology architecture, the nature of how cloud is provisioned and the new shared responsibility model means that IT audit must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Because Cloud Security Alliance has developed the most widely adopted cloud security audit criteria and organizational certification, we are uniquely positioned to lead industry efforts to ensure industry professionals have the requisite skill set for auditing cloud environments.

How is this certification program different from other IT audit certification programs?

Traditional IT audit education and certification programs have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances. An audited organization using cloud computing will have a very different approach to satisfying control objectives. A cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional that is grounded in traditional IT audit practices. The CCAK provides a body of knowledge to ensure that IT auditors and other related stakeholders are communicating appropriately and accurately as to the effectiveness of cloud security controls.

Body of Knowledge

The CCAK body of knowledge will include several existing familiar components. The Cloud Controls Matrix (CCM) is the fundamental framework of cloud control objectives that is the most popular collection of security controls for existing cloud audits. The companion Consensus Assessments Initiative Questionnaire (CAIQ) is the primary means for assessing a cloud provider’s adherence to CCM. The CSA Security, Trust, Assurance & Risk (STAR) program is the global leader in cloud security audits and self assessments. These components in addition to some new material provides the holistic body of knowledge that will comprise the Certificate of Cloud Auditing Knowledge (CCAK).

Who should earn the CCAK?

The CCAK is designed to provide CISOs, security and compliance managers, internal and external auditors and practitioners of tomorrow with the proven skillset to address the specific concerns that arise from the use of various forms of cloud services.

  • (Cloud) Security third-party auditors
  • (Cloud) Security internal auditors
  • CISOs
  • Chief Privacy Officers
  • Data Protection Officers
  • Compliance Managers
  • Vendor/Partners Program Managers
  • Procurement Officers
  • CSA STAR Program Auditors/Assessors (STAR Certification, STAR Attestation)
  • CSA Code of Conduct assessors
  • Security and Privacy Consultants

What are the opportunities to get involved or stay informed about the CCAK?

There are many opportunities to participate in the development of the CCAK. An individual may desire to volunteer to provide subject matter expert (SME) contributions and peer review. Organizations with a vested interest in cloud auditing may wish to be a founding sponsor. Please use our contact form to express your interest.

Stay CCAK Informed


Having read and understood the CSA’s Privacy Policy,

I specifically consent to receive marketing messages via the following channels:

Frequently Asked Questions

Why certify as a CCAK?

The Certificate of Cloud Auditing Knowledge (CCAK) is intended to provide a common baseline of expertise and a shared nomenclature to a broad set of stakeholders that include IT auditors, cybersecurity professionals and IT professionals. Because CCAK is intended to create a common cloud audit understanding, we anticipate it being a mandatory requirement for IT auditors and highly recommended for any IT manager and professional, especially for governance, risk management, compliance, and vendor/supply chain management.

How will the Certificate of Cloud Auditing Knowledge (CCAK) relate to the Certificate of Cloud Security Knowledge (CCSK)?

The Certificate of Cloud Security Knowledge (CCSK) is Cloud Security Alliance’s flagship industry credential, created in 2010. The CCAK and CCSK will be complementary by their very nature. The CCSK provides the knowledge enabling an expert to secure cloud systems that will be successfully scrutinized by an expert holding the CCAK. In many cases, an industry professional will be well served by obtaining both certificates. From a delivery perspective, CCAK is anticipated to be similar to CCSK with a combination of in-person and online courses and an online examination.

Is the CCAK a viable substitute for other industry certifications, including the CCSK?

No. The CCAK is unique in the industry and will help to fill the skills gap that will help keep the cloud ecosystem more secure. This is why CSA is moving quickly to implement by Q2 2020.

Does the CCAK have industry support?

Many large enterprises have already committed subject matter experts to work on CSA’s Cloud Audit Initiative upon which the CCAK will be built.