Cloud 101CircleEventsBlog
Join AT&T's experts & CSA's Troy Leach on April 4 to boost your cyber resilience in 2024!

Working Group

SaaS Governance

This group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider.
View Current Projects
Working Group Overview
This group aims to benefit all parties in the Software-as-a-Service (SaaS) ecosystem by supporting a common understanding of SaaS related risks from the perspectives of the cloud customer and cloud service provider.


What do we discuss? 
During our meetings we typically discuss changes in the industry and collaborate on projects the group is currently working on. We welcome anyone who would like to join, even if you would like to just listen-in on your first call.


Drafts & Important Docs

Working Group Leadership

Ronald Tse
Ronald Tse

Ronald Tse

CEO, Ribose

Ronald has served CSA in numerous capacities, including as a member of CSA's APAC Research Advisory and International Standardization Council. Additionally, he co-chairs the Open Certification Framework (OCF), SaaS Governance, and DevSecOps working groups. He is the founder and CEO of Ribose, where under his leadership the company has been consistently awarded the industry's highest cloud security ratings, including being the on...

Read more

Publications in ReviewOpen Until
AI Governance & Compliance in the IndustryApr 06, 2024
AI Legal and Regulatory LandscapeApr 06, 2024
CSA Large Language Model (LLM) Threats TaxonomyApr 19, 2024
Information Technology Governance, Risk, and Compliance in Healthcare v2Apr 26, 2024
View all
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

AI Governance & Compliance in the Industry

Open Until: 04/06/2024

Governance and compliance serve as integral components of organizational management, ensuring adherence to regulations, sta...

CSA Large Language Model (LLM) Threats Taxonomy

Open Until: 04/19/2024

This document establishes a common taxonomy and definitions for key terms related to AI risk scenarios, threats, and contro...

Information Technology Governance, Risk, and Compliance in Healthcare v2

Open Until: 04/26/2024

Cloud GRC is an effective means for organizations to gather important risk data, validate compliance, and report results. O...