Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Don't miss out! Join us for the free, virtual Global AI Symposium from October 22nd - 24th—register today!

Working Group

Enterprise Authority to Operate (EATO)

This working group’s mission is to achieve and maintain certification for small and mid-sized vendors and service providers to be accepted by larger corporate clients.
Enterprise Authority to Operate Working Group Charter 2023
Enterprise Authority to Operate Working Group Charter 2023

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Working Groups
Enterprise Authority to Operate (EATO)
Enterprise Authority to Operate (EATO) targets risks inherent in Anything as a Service (XaaS) products, underlying cloud based infrastructure or platforms, information security and privacy, and the topics of Business Continuity, Data Retention, Archiving, and vendor/service provider controls and risks.

The EATO Working Group defines and sets auditing requirements and minimum standards required to be achieved to pass the EATO assessment and certification. The EATO Working Group defines requirements towards consultancy companies to support small and mid-sized vendors/service providers, with the aim of enabling them to derive architectures and designs compliant with the EATO certification schemes.

What do we discuss?

The objective of the program will be to harmonize with existing third-party certifications and audit standards to avoid duplication of effort and cost.
The EATO Working Group will define the control and assessment framework, assessment guidance and auditing principles and requirements.

The EATO is based on the technical best practices and control frameworks defined within relevant CSA’s Working Groups, such as for instance the Cloud Control Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ), the Level Agreement research initiatives, as well as the IoT Control Framework.

Working Group Leadership

Rolf Becker
Rolf Becker

Rolf Becker

Co-Founder and Chair at UBS

Rolf A. Becker is Head Service Control Governance at UBS, globally responsible for Cloud Governance regarding Risk and Control over the UBS Group Cloud adoption and for outsourcing to external cloud-based 3rd party services. Previous roles have been the management of the Cyber and Information Security Portfolio reporting to the UBS CISO at a global level, and the management of the Client Data Confidentiality Program Unstructured Data Protec...

Read more

Working Group Co-Chairs

Sébastien Contreras
Sébastien Contreras

Sébastien Contreras

Sébastien Contreras is responsible for Pictet Group Outsourcing Framework, as well as for Cloud Security Governance. Prior to that, he was responsible for Group Confidentiality & Information Management at Tetra Laval Group and for Information Security Strategy & Architecture at Merck and Merck Serono.

20 years of experience in Information Security across highly regulated industries such as Banking, Pharmaceutical & BioTech, Manufactur...

Read more

Publications in ReviewOpen Until
Cloud Security for Startups 2024Oct 24, 2024
Shadow Access and AINov 17, 2024
Enterprise Authority To Operate (EATO) Auditing GuidelinesNov 18, 2024
Context-Based Access Control for Zero TrustNov 27, 2024
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Cloud Security for Startups 2024

Open Until: 10/24/2024

This publication was produced through the efforts of chapters and volunteers but the content development falls outside of t...

Participate in peer review

Shadow Access and AI

Open Until: 11/17/2024

The document titled "Shadow Access and AI" explores the intricate relationship between Shadow Access and AI, highlighting t...

Participate in peer review

Enterprise Authority To Operate (EATO) Auditing Guidelines

Open Until: 11/18/2024

The CSA Enterprise Authority to Operate (EATO) Working Group has identified gaps within the understanding and implementa...

Participate in peer review

Context-Based Access Control for Zero Trust

Open Until: 11/27/2024

The document "Context-Based Access Control for Zero Trust" provides guidance on implementing context-based access control (...

Participate in peer review