Terms and Conditions
Effective July 2, 2024
Welcome to https://cloudsecurityalliance.org (“Site”). The Site is owned and operated by the Cloud Security Alliance (“CSA”).
BY VISITING AND USING THE SITE, YOU ACKNOWLEDGE AND AGREE TO THESE TERMS AND CONDITIONS, THE PRACTICES DESCRIBED IN OUR PRIVACY NOTICE AND ANY ADDITIONAL TERMS OR RULES THAT WE POST ON THE SITE TO (COLLECTIVELY “AGREEMENT”).
Changes
We may modify this Agreement from time to time. We will notify you of such changes by any reasonable means, including by posting the revised version of this Agreement on the Site, or by providing links to such notices. Your use of the Site following changes to this Agreement will constitute your acceptance of these changes.
Our Services
The Site provides general information about the Cloud Security Alliance and the cloud computing industry, including without limitation information such as articles, publications research papers, updates, event details, videos, photos, text, data, graphics, sounds, subscription management, research tools, Cloud Security Alliance Security Trust and Assurance Registry (“CSA STAR Registry”), the Certificate of Cloud Security Knowledge (“CSA CCSK”) and links to third-party websites (collectively, “Services”).
Permitted Uses
You may download, view, use, copy, print, distribute, or transmit, any articles, publications, updates, event details, videos, photos, that are made available through the Site (“Material”) for your education and understanding of the issues involved. You must retain all copyright, trademark, and other proprietary notices included in the Material.
Except as permitted in the Research and Publications Section, you may not use, download, upload, copy, modify, adapt, print, display, perform, reproduce, republish, license, rent, lease, loan, sell, assign, post, transmit, distribute, reverse engineer, decompile, disassemble, translate, create derivative works or exploit any Material or any part of the Site for commercial purposes, for profit, or to generate directly or indirectly advertising or other revenues, except with an appropriate license from CSA.
We reserve all right, title and interest (including all copyright, trademarks, trade secrets, patents, and other intellectual property rights) in the Site and Material other than the rights or licenses that are expressly granted in this Agreement.
Notwithstanding the foregoing, we grant the operators of public online search engines limited permission to use search retrieval applications to reproduce Material from the Site solely to the extent necessary for creating publicly available searchable indices of such Material solely in connection with each operator’s public online search service. We reserve the right to revoke this permission either generally or in specific instances.
Our Research and Publications
Some of the Material posted on the Site is the result of research performed by CSA working groups. These Material are provided to the public in the form of guidance, charts, white papers, and the like (“Publications”) and are posted on the Rearch Section of our Site.
You may not modify or translate these Publications, except with the prior written consent of the Cloud Security Alliance.
You may use, copy, print, or link to these Publications subject to the terms and conditions attached to a specific Publication, and if no such terms are attached, subject to the following license:
© 2013 Cloud Security Alliance. All Rights Reserved.
This document may not be modified or translated without the prior written consent of the Cloud Security Alliance.
This document and its authorized translations may be copied and furnished to others, and, in this case, must be provided free of charge (except for compensation for the cost of duplication, if any). This notice and references to the Cloud Security Alliance in this document must remain on all versions, copies, translations, abstracts, extracts, or summaries of the document.
Works that comment on, or explain this document, or assist in its implementation may be prepared, copied, published, and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this sectionare included on all such copies and derivative works.
The limited permissions granted above are perpetual and will not be revoked by the Cloud Security Alliance or its successors or assigns.
This document and the information contained herein are provided on an “AS IS” basis. The Cloud Security Alliance DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE, WARRANTY OF NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
CSA Star Registry
The CSA STAR Registry is a Service of the CSA. It is a publicly accessible registry, available from the CSA Site, that documents the security controls provided by various cloud computing offerings. Information on the operation of the CSA STAR Registry is available from CSA STAR Registry.
The CSA STAR Registry is a compilation of the description of security controls that have been submitted by companies for posting on the Registry. Each company that wishes to post on the STAR Registry must prepare a written “Security Disclosure”, and must periodically update its disclosures according to the rules set forth in the CSA STAR Registry Terms and Conditions.
After a company has uploaded its Security Disclosure and completed the STAR Application Form on the CSA STAR Registry website, CSA verifies the authenticity of the submission, and performs a basic check to ensure that the application is complete. Then, it may upload the Security Disclosure on the CSA STAR Registry, or refuse to post any Security Disclosure in its sole judgment. CSA requires companies to update their Security Disclosure at least once in any twelve (12) months period. CSA may delete any Security Disclosure in its sole judgment.
CSA DOES NOT VERIFY THE ACCURACY, COMPLETENESS, OR CORRECTNESS OF ANY SECURITY DISCLOSURE. THE SECURITY DISCLOSURES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. The CSA STAR Registry Service is provided at no cost to the cloud service providers and to their customers or prospective customers. YOUR USE OF ANY SECURITY DISCLOSURE ON THE CSA STAR REGISTRY IS AT YOUR OWN RISK WITHOUT ANY WARRANTY OF ANY KIND. YOU SHOULD ALWAYS CONFIRM WITH THE ENTITY THAT HAS POSTED A SECURITY DISCLOSURE ON THE CSA STAR REGISTRY THAT THE DISCLOSURE IS TRUE, ACCURATE, CORRECT, COMPLETE, AND UP-TO-DATE.
Posting a Security Disclosure on the CSA STAR Registry is subject to the CSA STAR Registry Terms and Conditions.
Rules of Conduct
While using the Site, you will respect the rights and dignity of others and comply with all applicable laws, rules, and regulations and the rules set forth in this section. Your failure to comply with these rules may result in termination of your access to the Site.
You will not, without our express prior written consent:
- Send unsolicited commercial emails to the email addresses provided on the Site;
- Delete or modify any of the Material on the Site;
- Use any of the CSA’s logos, names, trademarks, or service marks without our prior written consent, including, without limitation, as metatags or hidden text;
- Use the Site to defame, abuse, harass, stalk, threaten, or violate the privacy rights, rights of publicity, or other rights of others, or collect personally identifiable information about other users of the Site;
- Interfere with the operation of the Site or the servers or networks used to make the Site available; or violate any requirements, procedures, policies, or regulations of such networks;
- Transmit any virus, worm, Trojan horse, Easter egg, time bomb, spyware, or other computer code, file, or program that is harmful or invasive or may damage or hijack the operation of, or monitor the use of, any hardware, software, or equipment;
- Use any robot, spider, site search/retrieval application or other manual or automatic device to retrieve, index, or gather Site content or reproduce or circumvent the navigational structure or presentation of the Site;
- Restrict or inhibit any other person from using the Site (including without limitation by hacking or defacing any portion of the Site);
- Remove any copyright, trademark, or other proprietary rights notice from the Site or Material originating from the Site;
- Frame or mirror any part of the Site without our express prior written consent;
- Systematically download and store any portion of the Site or Material;
- Impersonate any person or entity, falsely state your affiliation with any person or entity in connection with the Site; or express or imply that we endorse any statement that you make; or
- Use the Site for any fraudulent or unlawful purpose.
- Our examination system website is intended to measure your knowledge of exam topics. Any intentional act or attempted act of dishonesty, fraud, or deception that unfairly enhances your performance and undermines the accurate assessment of your knowledge shall provide grounds for sanction, which includes revocation of any achieved certificates and a permanent ban from the examination system.
Privacy
We will treat any personal information that we collect from you in accordance with our Privacy Notice, which is incorporated herein by this reference.
Security
While we try to maintain the security of the Site, we do not guarantee that the Site will be secure or that any use of the Site will be uninterrupted. Additionally, third parties may make unauthorized alterations to the Site. If you become aware of any unauthorized alterations to the Site by third parties, please contact us as soon as possible at [email protected] with a description of the materials at issue and the URL or location of such materials.
Inbound and Outbound Links
If you link to the Site, the link may not be used in any way that suggests that the Cloud Security Alliance endorses you or your website, or that disparages the Cloud Security Alliance or its products or services. We reserve the right to request that you remove any link to the Site.
The Site provides links to other web sites and online resources. We are not responsible for, and do not endorse, such external sites or resources. Your use of third party websites and resources that are linked to our Site is at your own risk.
Intellectual Property
CSA and its licensors and suppliers own the Material, trademarks, services marks, logos, and other Material or content that are displayed on, or made available through, the Site. These Material, trademarks, service marks and other material or content are protected by US and foreign copyright, trademark, patent, and/or other intellectual property laws and other applicable laws; they may not be used in any manner, or for any purpose, without CSA’s express written permission, except as provided for herein.
CSA’s trademarks and service marks include, without limitation, Cloud Security Alliance; CSA; Certificate of Cloud Security Knowledge; CCSK; CSA Security, Trust and Assurance Registry; CSA STAR, and any associated logos.
You may not use our trademarks and service marks in connection with any product or service that is not ours, or in any manner that is likely to cause confusion. Nothing contained on the Site should be construed as granting any license or right to use any trademarks or service marks without express prior written consent of the owner.
Infringement of Third Party’s Intellectual Property Rights
Any person or entity who believes that it has any intellectual property rights or claims that would necessarily be infringed by implementations of any Material or Publication published on this Site should notify the Cloud Security Alliance.
Submissions
Apart from your personal information (which is collected and used as provided in our Privacy Notice, all communications or materials that you send to the Site, electronically or otherwise, including but not limited to data, questions, comments, suggestions, and the like (“Submissions”), will be treated as non-confidential.
By sending Submissions to the Site, you grant us a perpetual, royalty free, sublicensable, irrevocable license to (a) use, reproduce, transmit, disclose to third parties, display, broadcast, post, or create derivative works from, your Submissions; and (b) use any ideas, concepts, techniques, or know-how contained in your Submissions for any purpose, including but not limited to developing, manufacturing, and marketing products and services. You agree never to assert against the Cloud Security Alliance, its successors or assigns, any rights that you may have in such Submissions.
Export Control Laws
Some of the Material or Publications available from the CSA website, the CSA STAR site, the CCSK site, or any of the other CSA its subsites may be subject to the export control laws of the United States.
By downloading, copying, or otherwise using the Material, Publications or content posted or available from the CSA Site or subsites, you represent, warrant and covenant that: (i) You do not reside in a country subject to embargo or export controls by the U.S. Government; (ii) You are not on the List of Denied Persons as published by the U.S. government; and (iii) You will not use these material or content for any illegal purpose.
You further agree that you will not upload, export or “re-export” (transfer) these Material. Publications or content unless you have complied with all applicable U.S. export controls.
Disclaimers of Warranties
The Site, Services and Material made available through the Site are provided “as is” without any express representations or warranties of any kind. The entire risk as to satisfactory quality, performance, and accuracy is with you.
CSA does not make any no warranty that (a) any Material, Product or Service provided or referenced by this Site will be complete or accurate on a particular date, will not contain typographical errors, will fulfill any of your particular purposes or needs, or will not infringe on any third party rights; (b) the operation of the Site will be error-free or uninterrupted; (c) defects will be corrected; (d) the Site, Material, Product, Services, or any communications sent by us or on our behalf will be free of viruses or other harmful devices; (e) the Site or Material will be available to you at all times; or (f) the Site, Material, Products or Services offered through the Site are available in all jurisdictions.
YOU BEAR ALL RISKS ASSOCIATED WITH THE USE OF THE SITE, INCLUDING ANY RELIANCE ON THE ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY MATERIAL, PRODUCT OR SERVICE THAT IS MADE AVAILABLE THROUGH THE SITE.
CSA DISCLAIMS ALL STATUTORY OR IMPLIED REPRESENTATIONS, WARRANTIES, TERMS, AND CONDITIONS WITH RESPECT TO THE SITE, PRODUCTS, SERVICES OR MATERIAL, INCLUDING THE REPRESENTATIONS AND WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON INFRINGEMENT.
Limitation of Liability
CSA assumes no liability or responsibility for any errors or omissions in the Material or any part of the Site, or any damages from any viruses that may affect your computer equipment or other property, or any other damages of any kind resulting from your access to or use of the Site, Material, Product or Services, or from any content posted on or available through the Site.
YOUR SOLE AND EXCLUSIVE REMEDY FOR DISSATISFACTION WITH THE SITE, MATERIAL, PRODUCT OR SERVICES IS TO STOP USING IT.
UNDER NO CIRCUMSTANCES, INCLUDING NEGLIGENCE, SHALL CSA BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT RESULT FROM YOUR USE OF, OR INABILITY TO USE, THE CSA SITE, PRODUCTS, SERVICES, MATERIAL, CSA STAR REGISTRY; OR FROM THE DECISIONS MADE OR ACTIONS TAKEN BY CUSTOMERS OR POTENTIAL CUSTOMERS OR PROVIDER BASED ON THE INFORMATION POSTED ON A SECURITY DISCLOSURE; OR FROM MISTAKES, OMISSIONS, INTERRUPTIONS, DELETION OF FILES, ERRORS, DEFECTS, DELAYS IN OPERATION OR TRANSMISSION; OR FROM LOSS OF PROFITS, USE, DATA, GOODWILL, OR OTHER INTANGIBLES, THE COST OF PROCUREMENT OF SUBSTITUTE PRODUCTS OR SERVICES; OR FROM THE LOSS OF SECURITY OF INFORMATION THAT YOU HAVE PROVIDED IN CONNECTION WITH YOUR USE OF THE SITE OR THE UNAUTHORIZED INTERCEPTION OF ANY SUCH INFORMATION BY THIRD PARTIES; OR FROM ANY FAILURE OF PERFORMANCE WHETHER OR NOT CAUSED BY EVENTS BEYOND CSA’S REASONABLE CONTROL, INCLUDING BUT NOT LIMITED TO ACTS OF GOD, COMMUNICATIONS LINE FAILURE, THEFT, DESTRUCTION, OR UNAUTHORIZED ACCESS TO THE SITE’S MATERIAL, RECORDS, PROGRAMS, PRODUCTS OR SERVICES.
IN NO EVENT SHALL CSA’S TOTAL LIABILITY FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION RELATED TO, OR CONNECTED WITH ANY SECURITY DISCLOSURE EXCEED ONE DOLLAR (US $1.00), OR THE PRICE YOU PAID FOR A CCSK TOKEN. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES; AS A RESULT, THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
Indemnification
Except to the extent prohibited under applicable law, you will indemnify, defend and hold harmless CSA and its officers, employees, agents from and against any and all loss, costs, expenses (including reasonable attorneys’ fees and expenses), claims, damages and liabilities resulting from, related to or associated with your use of the Site, your activities in connection with the Site, or your violation of this Agreement.
Termination; Discontinuation
CSA may modify or discontinue all or part of the Site; refuse to provide any user with access to the Site; or charge to use parts of the Site, at any time, and for any reason.
Jurisdiction
The Site is operated from the United States, and is not intended to subject the Cloud Security Alliance to the jurisdiction or laws of countries or states other than the United States.
The Site may not be appropriate or available for use in some jurisdictions outside of the United States. If you access the Site, you do so at your own risk, and you are responsible for complying with all local laws, rules, and regulations. We may limit access to the Site to any person, geographic area, or jurisdiction we choose, at any time and in our sole discretion.
Disputes
Any dispute or claim relating in any way to your use of the Site, any CCSK Token, or any Material, Product or Service available from the Site will be resolved by binding arbitration, rather than in court, except that you may assert claims in small claims court if your claims qualify. To begin an arbitration proceeding, you must send a letter requesting arbitration and describing your claim as indicated in the “How to Contact Us” section below. The arbitration will be conducted by the American Arbitration Association (AAA) under its rules (including without limitation the Supplementary Procedures for Consumer-Related Disputes, if applicable), The AAA’s rules are available at www.adr.org or by calling 1-800-778-7879. Payment of all filing, administration, and arbitrator fees will be governed by the rules of the AAA. You may choose to have the arbitration conducted by telephone, based on written submissions, or in person in the county where you live or at another mutually agreed location.
We both agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated or representative action. If for any reason a claim proceeds in court rather than in arbitration, we each waive any right to a jury trial.
We also both agree that you or we may bring suit in court to enjoin infringement or other misuse of intellectual property rights.
Notices
Notices to you may be made via posting to the Site, by email, or by regular mail, in our discretion. You consent to receive electronic communications from CSA, whether addressed to the e-mail address associated with your cloudsecurityalliance.org account , if any. You acknowledge and agree that any communication via e-mail or by postings on the cloudsecurityalliance.org website satisfies any legal requirement that such communications be made in writing.
Miscellaneous
Entire Agreement – This Agreement makes up the entire agreement between CSA and you relating to your use of the Site, Products, Services, Material, and it replaces any prior understandings or agreements (whether oral or written) regarding such use. The CSA STAR Registry Terms and Conditions govern only the relationship between the CSA and the providers who submit Security Disclosures for posting on the CSA STAR Registry.
Force Majeure – The failure of CSA to comply with this Agreement because of an act of God, war, fire, riot, terrorism, earthquake, actions of federal, state or local governmental authorities or for any other reason beyond the reasonable control of CSA, shall not be deemed a breach of this Agreement.
Governing Law – This Agreement and any dispute of any sort that might arise between you and Cloud Security Alliance will be governed by and construed in accordance with the laws of the State of Washington without regard to conflicts of law principles, as well as the Federal Arbitration Act and applicable federal law.
Headings – The headings in this Agreement are only for convenience and reference and do not limit or affect the Agreement.
Modifications – CSA reserves the right to revise this Agreement at any time and for any reason, and such revisions shall be effective immediately upon notice thereof, which may be given by any means including posting the updated version on the Site. Your continued use of the Site after the update has become effective will be deemed an acceptance of the revised terms.
No Assignment – You may not assign, transfer, or sublicense any or all of your rights or obligations under this Agreement without our express prior written consent.
Severability – If any provision of this Agreement is found by a court of applicable jurisdiction to be unlawful, void, or unenforceable, the provision will be deemed severed from this Agreement, and will not affect the validity and enforceability of any remaining provisions.
Waiver – If CSA fails to act with respect to a breach of this Agreement on any occasion, CSA is not waiving its right to act with respect to future or similar breaches.
Contact Information
If you have any questions or complaints regarding this Agreement or the Site, please contact us:
For customers in North and South America, Asia Pacific, and the rest of the world excluding Europe, Middle East and Africa, please contact:
Cloud Security Alliance 2212 Queen Anne Ave N Seattle, WA 98109 USA T: +1 (206) 201 2132 E: [email protected]
For customers in Europe, Middle East and Africa, please contact:
Cloud Security Alliance (Europe) 34 Melville Street Edinburgh, EH3 7HA, United Kingdom T: +44 (131) 208 2460 E: [email protected]