The CSA’s GRC stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.
The GRC stack is an integrated suite of CSA initiatives — CloudAudit, Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire — available for free download.
Through this licensing agreement, the CSA plans to integrate the CTP into this stack and distribute it at no charge to enterprises, consumers and cloud service providers, enabling them to bring workloads more efficiently to the cloud.
The CTP was created by CSC to provide the cloud consumer with the right information to confidently make choices about what processes and data to put into what type of cloud, and to sustain information risk management decisions about cloud services.
It provides transparency into cloud service delivery, offering cloud consumers important information about service security and cloud service providers with a standard technique to prepare and deliver information to clients about their data. In so doing, the CTP generates the evidence needed to verify that all of a company’s activity in the cloud is happening as described.