Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

Working Group

Enterprise Authority to Operate (EATO)

This working group’s mission is to achieve and maintain certification for small and mid-sized vendors and service providers to be accepted by larger corporate clients.
Enterprise Authority to Operate Working Group Charter 2023
Enterprise Authority to Operate Working Group Charter 2023

Download

Enterprise Authority to Operate (EATO)
Enterprise Authority to Operate (EATO) targets risks inherent in Anything as a Service (XaaS) products, underlying cloud based infrastructure or platforms, information security and privacy, and the topics of Business Continuity, Data Retention, Archiving, and vendor/service provider controls and risks.

The EATO Working Group defines and sets auditing requirements and minimum standards required to be achieved to pass the EATO assessment and certification. The EATO Working Group defines requirements towards consultancy companies to support small and mid-sized vendors/service providers, with the aim of enabling them to derive architectures and designs compliant with the EATO certification schemes.

What do we discuss?

The objective of the program will be to harmonize with existing third-party certifications and audit standards to avoid duplication of effort and cost.
The EATO Working Group will define the control and assessment framework, assessment guidance and auditing principles and requirements.

The EATO is based on the technical best practices and control frameworks defined within relevant CSA’s Working Groups, such as for instance the Cloud Control Matrix (CCM), the Consensus Assessment Initiative Questionnaire (CAIQ), the Level Agreement research initiatives, as well as the IoT Control Framework.

Working Group Leadership

Rolf Becker
Rolf Becker

Rolf Becker

Co-Founder and Chair at UBS

Rolf A. Becker is Head Service Control Governance at UBS, globally responsible for Cloud Governance regarding Risk and Control over the UBS Group Cloud adoption and for outsourcing to external cloud-based 3rd party services. Previous roles have been the management of the Cyber and Information Security Portfolio reporting to the UBS CISO at a global level, and the management of the Client Data Confidentiality Program Unstructured Data Protec...

Read more

Working Group Co-Chairs

Sébastien Contreras
Sébastien Contreras

Sébastien Contreras

Sébastien Contreras is responsible for Pictet Group Outsourcing Framework, as well as for Cloud Security Governance. Prior to that, he was responsible for Group Confidentiality & Information Management at Tetra Laval Group and for Information Security Strategy & Architecture at Merck and Merck Serono.

20 years of experience in Information Security across highly regulated industries such as Banking, Pharmaceutical & BioTech, Manufactur...

Read more

Publications in ReviewOpen Until
Zero Trust Privacy Assessment and GuidanceDec 27, 2024
Cybersecurity and the Data LifecycleJan 05, 2025
AI Controls MatrixJan 19, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Zero Trust Privacy Assessment and Guidance

Open Until: 12/27/2024

The objective of this paper is to provide guidance for using zero trust in privacy implementation. This document highlights...

Cybersecurity and the Data Lifecycle

Open Until: 01/05/2025

The data lifecycle refers to the comprehensive process that data undergoes, from its creation to eventual disposal. Underst...

AI Controls Matrix

Open Until: 01/19/2025

The CSA AI Controls Matrix is a framework of control objectives to support organizations in their secure and responsible de...