CSA Global Consultancy Program
CSA Global Consulting Program
The demand for cloud services continues to grow; in fact, Gartner predicts that by 2020, more than $1 trillion in IT spending will shift to the cloud. For many organizations, adopting the cloud begins as an elaborate and sometimes complex series of business and technology decisions. Understanding and weighing all the software as a service (SaaS), platform as a service (Paas), and infrastructure as a service (IaaS) options that are available can be a monumental task, and it can be difficult to know where to begin.
The Cloud Security Alliance Global Consulting Program (CSA GCP) allows cloud users to work with a network of trusted security professionals and organizations that offer qualified professional services based on CSA best practices. These providers bring with them a broad understanding of the challenges organizations face when moving to the cloud.
Join a trusted network of fellow industry leaders providing high-quality cloud security consultancy services. Learn more about the opportunities and benefits of becoming a certified CSA global consulting partner.
Access the CSA GCP registration to find the qualified resources to help your organization make a safe move to the cloud. Connect directly with consulting services providers that meet your needs.
CSA Global Consulting Program - Frequently Asked Questions
Q1: What is the CSA Global Consulting Program (GCP)?
A1: The CSA Global Consulting Program (CSA GCP) allows cloud security professionals and organizations with a broad understanding of CSA best practices and values to be recognized by CSA as qualified source of professional services based on CSA best practices.
The main objective of the CSA GCP is to provide consulting services through the creation of a trusted network of resources that provides high-quality cloud security consultancy services based on CSA best practices.
Q2: What are the benefits of the CSA GCP?
A2 (a) Cloud Consultant Benefits: The CSA GCP aims to simplify the research for trusted consulting services through the creation of an openly accessible pool of qualified organizations and professionals recommended by CSA.
The benefits for the qualified consulting partners include:
- provide consulting services based on CSA best practices
- recognition by CSA as an expert
- achieve visibility toward potential customer
- access to CSA’s community and network
- greater reach through CSA's marketing campaigns
A2 (b) Cloud Consumer Benefits: The main benefit for the cloud customer and CSPs is the possibility to easily access a repository of qualified cloud security experts who have been authorized by CSA to provide consultancy services based on CSA best practices.
Q3: How is GCP structured?
A3: The CSA global consulting services program defines policy and requirements for an organization to be recognized by CSA as authorized consulting services provider.
The program will define two (2) categories of partners:
- Standard Authorized Partners (SAP)
- Advanced Authorized Partners (AAP)
Q4: What is a Standard Authorized Partners (SAP)?
A4: A Standard Authorized Partners (SAP) is a consulting firm that has met the requirements of the CSA Consultancy Program.
The requirements are:
- Employ a minimum of three (3) Qualified Consultants
- Adhere to the CSA GCP code of ethics
- Adhere to the CSA GCP terms and conditions
- Provide, within twelve (12) months from the signing of the GCP agreement, at least one (1) references from customers engaged with services relevant in the scope of the GCP.
Q5: What is an Advanced Authorized Partner (AAP)?
A5: An Advanced Authorized Partner (AAP) is a consulting firm that has met the requirements of the CSA Consultancy Program.
The requirements are:
- Employ at least five (5) Qualified Consultants
- Adhere to the CSA GCP Code of Ethics
- Adhere to the CSA GCP terms and conditions
- Provide, within twelve (12) months from the signing of the GCP agreement, at least three (3) references from customers engaged with services relevant in the scope of the GCP.
- Be a CSA corporate member
Q6: What is a Qualified Consultant (QC)?
A6: A Qualified Consultant (QC) is a security professional who has achieved the following qualification and certifications:
- Demonstrated, through an interview conduct by a CSA-designated person, knowledge of the CSA’s mission, activities and relevant best practices (REQUIRED).
- Successfully passed the current version of the Certificate of Cloud Security Knowledge (CCSK) examination (REQUIRED).
- Completed the CSA CCM training course (REQUIRED).
- Achieved the CSA STAR Certification Qualified Auditor and/or Consultant designation by attending a qualified course and passing the associated exam. (REQUIRED in alternative to the CCM training)
- Successfully passed the current version of the Certified Cloud Security Professional (CCSP) exam. (PREFERRED)
Q7: What are the specific benefits for SAP and AAP
A7: The specific benefit are described in the table below
|Company profile and logo listed on CSA website in the GCP Registry|
|Use of CSA GCP logo|
|Use of the CSA logo|
|Access to the CSA GCP self-service marketing package|
|Eligible for CSA-branded webinars (CloudBytes)|
|Eligible for CSA-branded case study|
|Eligible for CSA Executive quote for partner marketing collaterals|
|Discount on CCSK training (10%)|
|Discount on CCSK tokens (10%)|
|Discount on CCM training (10%)|
|Discount on STAR Certification Lead Auditor training (10%)|
|Eligible for discount on CSA events sponsorship packages|
|Discount on STARWatch licenses|
Q8: As a member of the GCP, what visibility will my company have on CSA’s web site?
A8 (a) AAP: AAP will be listed on the CSA Consulting Program Registry in the CSA website. The company profile will include:
- Consulting partner name
- Short description of the relevant services offered
- Region(s) / Countries where the AAP operates
- Contact details
- Name of the Qualified Consultant (QC) (Optional)
- Relevant CSA Certification / Qualification (i.e., CCSK, STAR Certification Qualified Consultant, CCM, CCSP) owned by the team.
A8 (b) SAP: SAPs are not directly listed on the CSA website. CSA will maintain a list of SAPs in each Region (APAC, North America, LatAm, EMEA). The relevant list will be provided to any third-party customer upon request.
Q9: What the scope of the CSA GCP?
A9: The GCP will mainly focus on consultancy support in the areas of secure cloud design, cloud architectures, secure cloud implementation, cloud information security programs, cloud assessment and compliance, risk management, and cloud security governance.
The following CSA best practices shall be included as a reference body of knowledge:
CSA Security Guidance, Cloud Control Matrix, Consensus Assessment Initiative, Open Certification Framework and STAR Program, Enterprise Architecture, and Software Defined Perimeter.
CSA encourages partners to investigate the possibility to deliver consultancy services based on new CSA best practices in the areas of Mobile Security, Big Data and IoT.
Q10: Where I can find more information about CCM training, including the class schedule?
A10: For information about the CCM training course, please check here: https://cloudsecurityalliance.org/education/training/ and here for the schedule: https://cloudsecurityalliance.org/education/training/#_ccm
Q11: Where I can find more information about the CCSK training, including the class schedule?
A11: For information about the CCSK training course, please check here: https://cloudsecurityalliance.org/education/training/ and here for the schedule: https://cloudsecurityalliance.org/education/training/#_ccsk
Q12: Where I can find more information about the STAR Certification training, including the class schedule?
A12: For information about the STAR Certification training course, please check here: https://bsi.learncentral.com/shop/Course.aspx?id=23192&name=Certified+CSA+STAR+Auditor
Q13: Where I can find more information about CSA corporate membership, including the cost?
A13: For more info about CSA membership, please check here: https://cloudsecurityalliance.org/membership/
Q14: Is there a GCP agreement?
A14: Organizations that want to join the GCP need to sign the program agreement, which includes the terms and conditions and code of ethics of the CSA GCP.
Q15: Are there any fees associated with participation in the GCP?
A15: There is no additional fee to be paid by an AAP. In case an AAP member requests multiple entries in the GCP Registry (e.g., if the company has multiple legal entities in different regions), the AAP will pay a registration fee of $1,200.00 USD and an annual fee of $900 USD for any additional entries after the first.
There are no costs associated to the status of SAP.
Q16: My company is part of a network of companies (e.g., Big Fours), and one of the member of the network is already a CSA corporate member as well as member of the GCP. What are the steps I need to take for getting my company listed, too?
A16: If companies are part of a network of companies having different legal entities, each of them needs to have a different entry in the GCP registry. That means that each of the members of the network needs to sign a GCP agreement and fulfill the technical requirements.
The members of the network, other the one that owns the CSA corporate membership, don’t have to pay an additional CSA membership, but they will be requested to pay a registration fee of $1,200.00 USD and an annual fee of $900 USD to maintain their GCP status.
Q17: I’m CCSK and CCSP certified. Do I meet the QC requirements?
A17: In order for someone to become a CSA QC, s/he must satisfy the minimum requirements, e.g.:
- Complete CCM training
- Interview on CSA related expertise
The STAR Certification training and certification, as well as the CCSP, are to be considered as added value and referenced in the partner’s profile.
Q18: Does CSA provide consulting services?
A18: CSA does not provide direct consulting services.
Q19: What if I have additional questions about the CSA GCP program?
A19: For inquiries, please email us at [email protected]
CSA Global Consulting Partner Registry
Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality. We are totally obsessed with improving the practice of information security. Our job is to save you money and help you do your job better and faster by helping you cut through the noise and providing clear, actionable, pragmatic advice on securing your organization.
Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs in any technology environment, whether on premise, cloud or a hybrid of both. Optiv is positioned as the security specialist to help you define your strategy, identify threats and risks and help you deploy the right technology to secure your business. Our full suite of service and solution capabilities span across multiple disciplines such as security program strategy, cloud security, risk and compliance management, application security, identity and access management, security operations and foundational security.
KPMG provide independent, jargon free advice and advanced technology capabilities to help our clients proactively manage their technology risks and use their data to its full potential.
Cloud services provided based on CSA best practices:
- Cloud Security Strategy
- Cloud Security Architecture
- Cloud Supplier Assessment and Due Diligence
Founded in 2004, BH Consulting is an award-winning independent advisory firm specialising in information security consulting, cybersecurity, cloud security, risk assessment, cloud forensics, and training. BH Consulting is recognised internationally as a leader in cybersecurity by Kennedy Consulting Research & Advisory, and has won numerous awards in recognition of its excellence and professionalism.