CSA Contributes to Key How-To Guidance Documents for Multi-Party Recognition and Continuous Audit-Based Certification

Practical guidelines to innovative framework promoting trust in cloud services

BERLIN –– Nov. 7, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the availability two guidance documents – Implementing Multi-Party Recognition for Cloud Security Certifications and Implementing Continuous Audit-Based Certification – designed for cloud stakeholders wishing to improve the business value, efficiency and effectiveness of their approach to cloud security certification schemes.

Since January 2017, CSA has been a key partner in the European Security Certification Framework (EU-SEC, a project funded by the European Commission under the H2020 program for research and innovation. The aim of EU-SEC is to create a framework under which existing certification and assurance approaches can co-exist, adding at the same time an additional layer of trust, assurance and transparency by including continuous auditing-based certifications.

“Compliance fatigue and lack of clarity is a tremendous problem in the cloud industry,” said Daniele Catteddu, Global CTO at CSA. “The multi-party approach to cloud security certifications is a great way to tackle this as it minimizes the compliance burden for cloud service providers, as well as delivering a competitive advantage to auditors.”

“I think this [Framework] is a big step towards managing compliance and providing a common framework to many large, complex and multi-site organizations,” said Jatin Sehgal, Global Leader and Managing Partner, EY CertifyPoint.

Based on survey and analysis of the certification and standardization landscape which highlighted a number of issues in the ICT market in Europe, such as lack of trust and transparency, compliance fatigue and assurance gaps, the EU-SEC embarked on an ambitious path to create a framework which would assist cloud stakeholders navigating this complex and confusing field. The intervening years have been dedicated to developing this framework, leveraging the expertise of partners such as CSA.

The publication of the EU Cybersecurity Act (EUCA) in June 2019, which shares EU-SEC’s objective of increasing trust in ICT services, has reinforced and supported the work of EU-SEC.

The newly published how-to guidance documents bring together that expertise in a practical format for auditors, standard owners, cloud service providers and auditees who are looking to innovate their approach to certification and standardization.

In order to ensure the Framework remains relevant, CSA is inviting cloud stakeholders to complete a short survey on the certification and standardization landscape. The valuable contribution of auditors, standard owners and cloud service providers to this survey will provide CSA with an updated understanding of existing practices and feed into the development of the framework. The survey, which closes Nov. 28, can be found here.