Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Cloud Security Alliance announces open certification framework for cloud providers

The Cloud Security Alliance has launched the CSA Open Certification Framework, an industry initiative to allow global, trusted certification of cloud providers.

The CSA Open Certification Framework is aimed at enabling flexible, incremental and multi-layered cloud provider certification, which will support popular third-party assessment and attestation statements developed within the public accounting community.

Jim Reavis, executive director of the CSA said, “We all recognize that no single certification, regulation or other compliance requirement will supplant all others in governing the future of IT. However, the rise of cloud as a global compute utility creates a mandate to better harmonize compliance concerns. Both consumers and providers alike will benefit from the knowledge that their CSA-backed compliance activities will be broadly applicable within global regulatory regimes.”

The CSA Open Certification Framework is based upon the control objectives and continuous monitoring structure as defined within the CSA GRC (Governance, Risk and Compliance) Stack research projects. The CSA Open Certification Framework will support several options and tiers, recognizing the varying assurance requirements and maturity levels of providers and consumers. These will range from the CSA Security, Trust and Assurance Registry (STAR) self-assessment to high-assurance specifications that are continuously monitored. CSA will also work closely with the assurance community to develop programs for qualified assessors for the CSA Open Certification Framework.

The CSA Open Certification Framework will provide explicit guidance for providers to use GRC Stack tools for multiple certification efforts. For example, scoping documentation will articulate the means by which a provider may follow an ISO/IEC 27001 certification path that incorporates the CSA Cloud Controls Matrix (CCM). The CSA will also provide guidance as to how a provider may use the CCM inside of an AICPA SSAE16 attestation. CSA supports certify-once, use-often, where possible.


•Date: 10th May 2012 • World •Type: Article • Topic: Cloud computing

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here