☁️ CSA – Certificate of Cloud Auditing Knowledge (CCAK)

🧠 1. Certification Name and Issuing Body

  • Full name: Certificate of Cloud Auditing Knowledge (CCAK)

  • Issuing organization: Cloud Security Alliance (CSA) in collaboration with ISACA

  • Reputation and global recognition: The first global, vendor-neutral cloud auditing certification. It is respected among cloud auditors, risk managers, and compliance professionals.


📚 2. Curriculum and Skills Covered

  • Covered domains:

    1. Cloud governance, risk, and compliance (GRC)

    2. Cloud auditing principles

    3. Cloud assurance and compliance program design

    4. Continuous monitoring strategies

    5. Cloud-specific security and compliance controls

    6. Evaluation of cloud services and providers

  • Depth of content: Advanced – strong focus on theory, frameworks, and audit execution rather than hands-on configuration

  • Technologies and tools included:

    • Focus on frameworks like CSA Cloud Controls Matrix (CCM), STAR, ISO/IEC 27017/27018, NIST, COBIT

    • Audit and compliance methodologies tailored to cloud environments

  • Relevance in the current job market: Very high for auditors, risk professionals, and compliance analysts working with cloud-native or hybrid systems

  • Mapping to frameworks: Fully aligned with CSA CCM, STAR, ISACA COBIT, ISO 27001, FedRAMP, and NIST SP 800-53


🧩 3. Prerequisites and Recommended Level

  • Prior experience required:

    • Recommended: Prior experience in IT auditing, GRC, or cloud security

    • CISA, CCSK, or equivalent knowledge is a strong advantage

  • Expected skill level: Advanced

  • Recommended knowledge: Cloud architecture basics, security controls, audit lifecycle, regulatory compliance


🧪 4. Exam Format and Difficulty

  • Exam format:

    • 76 multiple-choice questions

    • Time: 2 hours

    • Passing score: 70%

  • Languages: English

  • Difficulty: High – especially for those without an audit or compliance background


💰 5. Cost and Renewal

  • Exam cost:

    • $395 USD (exam only)

    • $495 USD (bundle with study guide)

  • Recertification: Every 3 years

  • CPEs required: 45 Continuing Professional Education credits

  • Renewal method: Earn CPEs and pay the renewal fee


💼 6. Industry Recognition and Job Roles

  • Global demand: High – especially in regulated industries (finance, healthcare, critical infrastructure)

  • Recognized by: Enterprises, audit firms, cloud providers, and risk consultancies

  • Typical job roles:

    • Cloud Auditor

    • Compliance Manager

    • Risk & Governance Analyst

    • GRC Consultant

    • Internal Auditor with cloud specialization


💵 7. Salary Expectations

  • Europe: €80,000 – €110,000/year (average: €95,000)

  • USA: $120,000 – $150,000/year (average: $135,000)