Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

Working Group

SaaS Governance

This group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider.
View Current Projects
Working Group Overview
This group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider.


What do we discuss? 
During our meetings we typically discuss changes in the industry and collaborate on projects the group is currently working on. We welcome anyone who would like to join, even if you would like to just listen-in on your first call.


Drafts & Important Docs

Working Group Leadership

Ronald Tse
Ronald Tse

Ronald Tse

CEO, Ribose

Ronald has served CSA in numerous capacities, including as a member of CSA's APAC Research Advisory and International Standardization Council. Additionally, he co-chairs the Open Certification Framework (OCF), SaaS Governance, and DevSecOps working groups. He is the founder and CEO of Ribose, where under his leadership the company has been consistently awarded the industry's highest cloud security ratings, including being the on...

Read more

Publications in ReviewOpen Until
Zero Trust Privacy Assessment and GuidanceDec 27, 2024
Cybersecurity and the Data LifecycleJan 05, 2025
AI Controls MatrixJan 19, 2025
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Zero Trust Privacy Assessment and Guidance

Open Until: 12/27/2024

The objective of this paper is to provide guidance for using zero trust in privacy implementation. This document highlights...

Cybersecurity and the Data Lifecycle

Open Until: 01/05/2025

The data lifecycle refers to the comprehensive process that data undergoes, from its creation to eventual disposal. Underst...

AI Controls Matrix

Open Until: 01/19/2025

The CSA AI Controls Matrix is a framework of control objectives to support organizations in their secure and responsible de...