Certificate of Cloud Auditing Knowledge
The industry's first global cloud auditing credential.

Certificate of Cloud Auditing Knowledge
The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program will fill the gap in the market for technical education for cloud IT auditing.
This credential leverages CSA’s cloud expertise and ISACA’s traditional audit expertise, combining our know-how and expertise to develop and deliver the best possible solution for cloud auditing education. CCAK benefits both CSA and ISACA members and certification holders as it builds on the body of knowledge covered in CSA’s Certificate of Cloud Security Knowledge (CCSK) and complement’s ISACA’s ANSI accredited certifications such as CISA, CISM, CRISC and CGEIT.
How is this certification program different from other IT audit certification programs?
Traditional IT audit education and certification programs have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances.
An audited organization using cloud computing will have a very different approach to satisfying control objectives. A cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional that is grounded in traditional IT audit practices.
Credentials the CCAK Complements
The CCAK complements and enhances the skills and knowledge in the following credentials:
- Certificate of Cloud Security Knowledge (CCSK)
- Certified Information Systems Auditor (CISA)
- FedRAMP 3PAO Assessor
- PCI/DSS Qualified Security Assessor
- ISO 27001 Lead Auditor Credentials
Who should earn the CCAK?

Training & Exam Coming Soon
Want to know when the CCAK exam and training becomes available? Fill out this form and you will be the first to learn about the exam and courses as they become available.
What will you learn when you earn the CCAK?
Since the CCAK assumes a working knowledge of cloud security best practices, we strongly recommend that you earn your Certificate of Cloud Security Knowledge (CCSK) before pursuing the CCAK.
- Assessment: Understand the difference in assessing and auditing cloud environments versus traditional IT infrastructure & services.
- Evaluation: Discover how to use cloud security assessment methods and techniques to evaluate a cloud service prior to and during the provision of the service.
- Governance: Learn how existing governance policies and frameworks are affected by the introduction of cloud into the ecosystem.
- Compliance: Understand the unique requirements of compliance in the cloud due to shared responsibility between cloud providers andcustomers.
- Internal Security: Learn how to use a cloud-specific security controls framework to ensure security within your organization.
- Continuous Monitoring: Architect in a way that allows you to measure control effectiveness through metrics and ultimately leads to continuous monitoring.
Study Resources
CCAK Study Guide
Cost: $70
The Official CCAK Study Guide is the main body of knowledge for the CCAK exam. It provides a common baseline of expertise and a shared nomenclature. Among other topics it covers governance, risk management, compliance, and vendor/supply chain management.
Purchase Study Guide*CSA Corporate Members can receive bulk discounts on the CCAK exam, trainings and preparation materials. Contact [email protected] to learn more.
Additional Study Materials

CCM Auditing Guidelines (Coming Soon)
Industry Support
Supporting Organizations
The International Systems Security Association (ISSA) , a nonprofit organization for the cyber professional community has also agreed to collaborate on the CCAK with the goal of both supporting and strengthening the cybersecurity profession.