Consensus Assessments Working Group

Introduction to the Consensus Assessments Working Group

Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.

The Latest Questionnaire is Version 3.0.1

Download now

Consensus Assessments Working Group Leadership

Consensus Assessments Co-chairs

Laura Posey

Laura Posey

Ms. Laura Posey focuses on driving strategic change, both within Microsoft and externally, to advance cyber security and resiliency. In her role, Ms. Posey draws upon her 12+ years of experience in the technology space to address global challenges related to information assurance and security policy and standards with a special focus on the challenges of government organizations worldwide.

Ms. Posey is a strong voice representing Microsoft in the Cloud Security Alliance (CSA) on issues representing both consumers and providers of Cloud services and technology and a supporting member of SAFECODE, addressing supply chain integrity best practices. Prior to joining the GSSD team, Ms. Posey worked in engineering organizations at Microsoft, most notably on the BitLocker Drive Encryption product and on the Next Generation Secure Computing Base project (NGSCB), which also incorporated TPM technologies. Ms. Posey’s role within these organizations included interfacing with government information assurance organizations worldwide disseminating forensics and cryptography details for the products to these organizations. Ms. Posey was awarded 2 patents for her work in these technologies.

In her early days at Microsoft, Ms. Posey led program management teams at and its predecessor,, drawing on her design and user experience background in building online applications for Charles Schwab and Wells Fargo Bank in San Francisco, CA. Prior to her career in technology, Ms. Posey worked for the Japanese Ministry of Education, Culture, Sports, Science and Technology (Monbusho) in Hokkaido, Japan, serving as a Ministry representative to the local Board of Education and liaison to the local mayor’s office. Her duties included English education, written and verbal translation for several local government offices, and assistance in the town’s foreign exchange programs with Australia and Canada. Ms. Posey holds a Bachelors of Arts in both Asian Studies and Communications from the University of North Carolina at Chapel Hill.

Consensus Assessments Advisors

Sean Cordero

Sean Cordero

Founder of Cloud Watchmen, Inc.

Prior to establishing his company, Cloud Watchmen, Inc., Mr. Cordero served as the CSO for EdFund, where his team oversaw information security for an over $39B loan portfolio. His previous roles included: Director of Security and Compliance for Charlotte Russe, and global leader for Life Technologies distributed systems program. Mr. Cordero regularly presents at leading industry and academic conferences including CSO Magazine, the High Technology Crimes Association, and UC Davis, where he has shared his dynamic and pragmatic approach to information security.

Evelyn de Souza

Evelyn de Souza

Senior Security Strategist at Cisco

Evelyn is responsible for championing holistic security solutions that address emerging industry trends such as cloud, data center SDN and mobile. She is a strong proponent of building automated, repeatable processes that enable organizations to sustain compliance while optimizing security posture and reducing costs. To this end, Evelyn co-chairs the Cloud Security Alliance Cloud Controls Matrix (CCM) which harmonizes regulations and industry standards to a common framework and according to cloud model to enable reduce audit complexity. Evelyn has a weekly column on WIRED Insights and frequently posts at CloudTweaks, Internet Evolution and 21st Century. Evelyn is also a regular speaker at industry conferences and can be followed on Twitter @e_desouza.

Consensus Assessments Working Group Initiatives

Please contact Consensus Assessments Working Group Leadership for more information.

Want to contribute to the Consensus Assessments Working Group?

Fill out the form below to join today!


If you experience trouble using this form, please submit the information here.

Other ways to Connect

Consensus Assessments Working Group News

July 11, 2014

CCM & CAIQ v3.0.1 Version Update Soft Launch

We are very excited to announce the soft launch of the CCM and CAIQ ​v.3.0.1. We invite you to download both documents during this early review period

April 09, 2014

CSA Seeks Input on Open Peer Review: CAIQ v3.0.1

CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.

March 19, 2014

Volunteer Spotlight: Evelyn de Souza

Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

September 12, 2012

CSA Seeks Volunteers for Consensus Assessments Initiative Questionnaire (CAIQ) v.2

CSA warmly invites interested individuals to step forward to contribute to an initiative which promotes cloud security for customers and providers.

November 16, 2011

Major Cloud Providers to Participate In CSA STAR – CSA Security, Trust and Assurance Registry

CSA today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.

August 16, 2011

Learn About the CSA STAR Registry

The Cloud Security Alliance announces two upcoming opportunities to learn more about its CSA STAR Registry. These public webcast briefings will be held August 18th and 23rd and will cover general information about the STAR Registry and the proper use of linked documents from the GRC Stack.

August 04, 2011

Media Advisory: CSA Announces STAR – CSA Security, Trust and Assurance Registry – To Help Users Assess Security of Cloud Providers

The Cloud Security Alliance (CSA) today announced the launch of a new initiative to encourage transparency of security practices within cloud providers.

November 17, 2010

Cloud Security Alliance Unveils Governance, Risk Management and Compliance (GRC) Stack

The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at

October 12, 2010

Cloud Security Alliance announces availability of Consensus Assessments Initiative Questionnaire

The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.

Consensus Assessments Working Group Downloads

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”

Release Date: February 01, 2016

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011