CSA Global Consultancy
Frequently Asked Questions
Q1: What is the CSA Global Consultancy Program (GCP)?
A1: The CSA Global Consulting Program (CSA GCP) allows cloud security professionals and organizations with a broad understanding of CSA best practices and values to be recognized by CSA as qualified source of professional services based on CSA best practices.
The main objective of the CSA GCP is to provide consulting services through the creation of a trusted network of resources that provides high-quality cloud security consultancy services based on CSA best practices.
Q2: What are the benefits of the CSA GCP?
A2 (a) Cloud Consultant Benefits: The CSA GCP aims to simplify the research for trusted consulting services through the creation of an openly accessible pool of qualified organizations and professionals recommended by CSA.
The benefits for the qualified consulting partners include:
- recognition by CSA as an expert in providing services based on CSA best practices and programs
- achieve visibility toward potential customers
- access to CSA’s community and network
- greater reach through CSA's marketing campaigns
A2 (b) Cloud Consumer Benefits: The main benefit for the cloud customer and CSPs is to easily access a repository of qualified cloud security experts who have been vetted by CSA in their ability provide consultancy services based on CSA best practices.
Q3: How is GCP structured?
A3: The CSA global consulting services program defines policy and requirements for an organization to be recognized by CSA as authorized consulting services provider.
The program will define two (2) categories of partners:
- Standard Authorized Partners (SAP)
- Advanced Authorized Partners (AAP)
Q4: What is a Standard Authorized Partners (SAP)?
A4: A Standard Authorized Partners (SAP) is a consulting firm that has met the requirements of the CSA Consultancy Program.
The requirements are:
- Employ a up to 5 Qualified Consultants1
- Adhere to the CSA GCP code of ethics
- Adhere to the CSA GCP terms and conditions
- Provide, within twelve (12) months from the signing of the GCP agreement, at least one (1) references from customers engaged with services relevant in the scope of the GCP.
Q5: What is an Advanced Authorized Partner (AAP)?
A5: An Advanced Authorized Partner (AAP) is a larger consulting firm that has met the requirements of the CSA Consultancy Program.
The requirements are:
- Employ at least five (5) Qualified Consultants
- Adhere to the CSA GCP Code of Ethics
- Adhere to the CSA GCP terms and conditions
- Provide, within twelve (12) months from the signing of the GCP agreement, at least three (3) references from customers engaged with services relevant in the scope of the GCP.
- Be a CSA corporate member
Q6: What is a Qualified Consultant (QC)?
A6: A Qualified Consultant (QC) is a security professional who has achieved the following qualification and certifications:
- Attended induction training by a CSA-designated person, on CSA’s mission, activities and relevant best practices (REQUIRED).
- Successfully passed the current version of the Certificate of Cloud Security Knowledge (CCSK) examination (REQUIRED).
- Completed the CSA CGC training course (REQUIRED).
- Achieved the CSA STAR Certification Qualified Auditor and/or Consultant designation by attending a qualified course and passing the associated exam. (REQUIRED in alternative to the CGC training)
- Successfully passed the current version of the Certified Cloud Security Professional (CCSP) exam. (PREFERRED)
Q7: What are the specific benefits for SAP and AAP?
A7: The specific benefit are described in the table below:
|Company profile and logo listed on CSA website in the GCP Registry (Logo listed - AAP Only)|
|Use of CSA GCP logo|
|Use of the CSA logo|
|Access to the CSA GCP self-service marketing package|
|Eligible for CSA-branded webinars (CloudBytes)|
|Eligible for CSA-branded case study|
|Eligible for CSA Executive quote for partner marketing collaterals|
|Discount on CCSK training (10%)|
|Discount on CCSK tokens (10%)|
|Discount on CGC training (10%)|
|Discount on STAR Certification Lead Auditor training (10%)|
|Eligible for discount on CSA events sponsorship packages|
|Discount on STARWatch licenses|
Q8: As a member of the GCP, what visibility will my company have on CSA’s web site?
A8 (a) AAP: AAP will be listed on the CSA Consulting Program Registry in the CSA website. The company profile will include:
- Consulting partner name
- Short description of the relevant services offered
- Region(s) / Countries where the AAP operates
- Contact details
- Name of the Qualified Consultant (QC) (Optional)
- Relevant CSA Certification / Qualification (i.e., CCSK, STAR Certification Qualified Consultant, CGC, CCSP) owned by the team.
A8 (b) SAP: SAPs are not directly listed on the CSA website. CSA will maintain a list of SAPs in each Region (APAC, North America, LatAm, EMEA). The relevant list will be provided to any third-party customer upon request.
Q9: What is the scope of the CSA GCP?
A9: The GCP will mainly focus on consultancy support in the areas of secure cloud design, cloud architectures, secure cloud implementation, cloud information security programs, cloud assessment and compliance, risk management, and cloud security governance.
The following CSA best practices shall be included as a reference body of knowledge, where applicable:
CSA Security Guidance, Cloud Control Matrix, Consensus Assessment Initiative, Open Certification Framework and STAR Program, Enterprise Architecture, and Software Defined Perimeter.
CSA encourages partners to investigate the possibility to deliver consultancy services based on new CSA best practices in the areas of Mobile Security, Big Data and IoT.
Q10: Where I can find more information about CGC training, including the class schedule?
A10: For information about the CGC training course, please check here: https://cloudsecurityalliance.org/education and here for the schedule: https://cloudsecurityalliance.org/education/schedule
Q11: Where I can find more information about the CCSK training, including the class schedule?
A11: For information about the CGC training course, please check here: https://cloudsecurityalliance.org/education and here for the schedule: https://cloudsecurityalliance.org/education/schedule
Q12: Where I can find more information about the STAR Certification training, including the class schedule?
A12: For information about the STAR Certification training course, please check here: https://bsi.learncentral.com/shop/Course.aspx?id=23192&name=Certified+CSA+STAR+Auditor
Q13: Where I can find more information about CSA corporate membership, including the cost?
A13: For more info about CSA membership, please check here: https://cloudsecurityalliance.org/membership/
Q14: Is there a GCP agreement?
A14: Organizations that want to join the GCP need to sign the program agreement, which includes the terms and conditions and code of ethics of the CSA GCP.
Q15: Are there any fees associated with participation in the GCP?
A15: There is no additional fee to be paid by an AAP. In case an AAP member requests multiple entries in the GCP Registry (e.g., if the company has multiple legal entities in different regions), the AAP will pay a registration fee of $1,200.00 USD and an annual fee of $900 USD for any additional entries after the first.
There are no costs associated to the status of SAP.
Q16: My company is part of a network of companies (e.g., Big Fours), and one of the member of the network is already a CSA corporate member as well as member of the GCP. What are the steps I need to take for getting my company listed, too?
A16: If companies are part of a network of companies having different legal entities, each of them needs to have a different entry in the GCP registry. That means that each of the members of the network needs to sign a GCP agreement and fulfill the technical requirements.
The members of the network, other the one that owns the CSA corporate membership, don’t have to pay an additional CSA membership, but they will be requested to pay a registration fee of $1,200.00 USD and an annual fee of $900 USD to maintain their GCP status.
Q17: I’m CCSK and CCSP certified. Do I meet the QC requirements?
A17: In order for someone to become a CSA QC, s/he must satisfy the minimum requirements, e.g.:
- Complete CGC training
- Interview on CSA related expertise
The STAR Certification training and certification, as well as the CCSP, are to be considered as added value and referenced in the partner’s profile.
Q18: Does CSA provide consulting services?
A18: CSA does not provide direct consulting services.
Q19: What if I have additional questions about the CSA GCP program?
A19: For inquiries, please email us at [email protected].
1 Small consulting firms may still apply for an AAP if they so desire. These descriptions are normative.