CAIQ (Consensus Assessments Initiative Questionnaire)
Definition
A questionnaire published by the Cloud Security Alliance, designed specifically for cloud service providers. It maps to the CSA Cloud Controls Matrix (CCM) and addresses cloud-specific concerns including data residency, virtualisation security, and the shared responsibility model.
Related terms
- Audit rights clause
- A contractual provision giving the buying organisation the right to assess, inspect, or commission a third-party audit of the vendor's security controls....
- Fourth-party risk
- The risk arising from a vendor's own subcontractors and suppliers. If a critical vendor outsources key processes to a subcontractor, the organisation's...
- Inherent risk
- The level of risk a vendor relationship carries before any controls are applied. Inherent risk determines how deep an assessment must be:...
- SIG (Standardised Information Gathering)
- A vendor security questionnaire published by Shared Assessments. The SIG Core covers eighteen risk domains including access control, data security, and business...
- SOC 2 Type II report
- An independent audit report on a service organisation's controls related to security, availability, processing integrity, confidentiality, and privacy. Type II reports cover...
Explained in
- Vendor Security Questionnaires and AssessmentsA questionnaire published by the Cloud Security Alliance, designed specifically for cloud service providers. It maps to the CSA Cloud Controls Matrix (CCM) and...