Certificate of Cloud Auditing Knowledge Course (CCAK)

The Certificate of Cloud Auditing Knowledge (CCAK) is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing. This credential leverages CSA’s cloud expertise and ISACA’s traditional audit expertise, combining our know-how and expertise to develop and deliver the best possible solution for cloud auditing education.

  • 4.9/5.0
  • 2844 Enrolled
  • Last updated Jun 16, 2026

Course Overview

  • The Certificate of Cloud Auditing Knowledge (CCAK) is a globally recognized certification jointly developed by the Cloud Security Alliance (CSA) and ISACA, two leading organizations in cloud security and IT governance. This certification is designed to bridge the knowledge gap between cloud computing and traditional IT auditing, providing professionals with the skills and understanding required to effectively audit, assess, and ensure compliance in modern cloud environments.
  • The CCAK builds upon the foundational knowledge of the CSA’s Certificate of Cloud Security Knowledge (CCSK) and complements ISACA’s ANSI-accredited certifications such as CISA, CISM, CRISC, and CGEIT. It introduces a comprehensive framework for evaluating cloud-specific controls, governance models, and compliance standards, ensuring that professionals can address the unique risks and challenges presented by cloud technologies.
  • In today’s digital landscape, organizations increasingly rely on cloud services to achieve scalability, efficiency, and innovation. However, this shift introduces new auditing complexities and accountability models. An audited organization using cloud computing will have a very different approach to satisfying control objectives compared to traditional IT environments. For instance, a cloud tenant may not possess the same level of administrative access as in an on-premises infrastructure, necessitating reliance on shared responsibility models and service provider assurances.
  • The CCAK course equips audit and assurance professionals with practical tools, methodologies, and frameworks to effectively evaluate cloud environments. Participants will gain insight into areas such as cloud governance, risk management, compliance, security assurance, continuous monitoring, and audit readiness. By mastering these concepts, professionals will be better prepared to assess cloud service providers, validate control implementations, and align cloud operations with organizational compliance requirements and international standards.
  • Ultimately, the CCAK certification empowers IT auditors, security professionals, and compliance officers to confidently perform audits in cloud-centric environments, ensuring transparency, accountability, and trust between cloud customers and providers.

Course Outlines

Module 1: Cloud Governance

  • This module introduces the principles of cloud governance and its role in ensuring accountability, transparency, and strategic alignment between cloud service usage and organizational objectives. It covers governance frameworks, shared responsibility models, roles and responsibilities, and how cloud governance differs from traditional IT governance.

Module 2: Cloud Compliance Program

  • Learn how to design, implement, and maintain an effective cloud compliance program. Topics include compliance frameworks and standards (such as ISO 27001, SOC 2, GDPR), mapping regulatory requirements to cloud environments, and integrating compliance into cloud operations and lifecycle management.

Module 3: CCM and CAIQ – Goals, Objectives, and Structure

  • This module provides an in-depth understanding of the Cloud Controls Matrix (CCM) and the Consensus Assessments Initiative Questionnaire (CAIQ) developed by the Cloud Security Alliance (CSA). It explains their purposes, how they complement each other, their structure, and how they can be used to evaluate and manage cloud security and compliance risks.

Module 4: A Threat Analysis Methodology for Cloud Using CCM

  • Focuses on applying threat modeling and risk analysis techniques within cloud environments using the CCM framework. Participants will learn how to identify, assess, and prioritize cloud-specific threats, vulnerabilities, and risks, and how to apply CCM controls to mitigate those threats effectively.

Module 5: Evaluating a Cloud Compliance Program

  • This module teaches how to perform assessments of cloud compliance programs. It covers methodologies for evaluating control effectiveness, evidence collection, reporting, gap analysis, and continuous improvement strategies to ensure ongoing compliance in dynamic cloud environments.

Module 6: Cloud Auditing

  • Explore the key components of cloud auditing, including audit planning, execution, and reporting. Understand how to assess cloud service providers (CSPs) and customers, how to evaluate control implementation, and how to manage audit challenges unique to the cloud—such as limited access to infrastructure and shared responsibilities.

Module 7: CCM – Auditing Controls

  • Provides detailed guidance on how to audit using the Cloud Controls Matrix (CCM). Learners will understand the mapping of CCM controls to other standards and frameworks, testing procedures for each control area, and best practices for documenting audit results and findings.

Module 8: Continuous Assurance and Compliance

  • Learn how to establish mechanisms for continuous monitoring and assurance in cloud environments. Topics include automated compliance tools, security posture management, real-time risk assessment, and integrating continuous auditing processes to maintain compliance across hybrid and multi-cloud setups.

Module 9: STAR Program

  • This module introduces the Security, Trust, Assurance, and Risk (STAR) Program by the CSA. It explains the STAR Registry, levels of assurance (Self-Assessment, STAR Certification, STAR Attestation, and STAR Continuous), and how organizations can leverage the STAR Program to demonstrate transparency and trustworthiness in cloud security and compliance.

Course Objectives

  • The Certificate of Cloud Auditing Knowledge (CCAK) course is designed to provide professionals with the essential knowledge, skills, and methodologies required to effectively audit, assess, and ensure the compliance of cloud computing environments. The course focuses on bridging the gap between traditional IT auditing practices and the evolving landscape of cloud and hybrid infrastructures.

By the end of the course, participants will be able to:

Understand and Apply Cloud Security Assessment Methods and Techniques

  • Gain a deep understanding of various assessment frameworks, tools, and techniques for evaluating cloud services before adoption and throughout their lifecycle.
  • Learn how to identify and mitigate security risks, vulnerabilities, and compliance gaps within different cloud service models (IaaS, PaaS, SaaS).
  • Develop the ability to assess the effectiveness of cloud security controls using frameworks such as CSA’s Cloud Controls Matrix (CCM) and the Consensus Assessments Initiative Questionnaire (CAIQ).

Evaluate Cloud Services Before and During Provisioning

  • Learn how to conduct pre-engagement assessments to ensure that cloud providers meet organizational and regulatory security requirements.
  • Acquire the skills to perform continuous auditing and monitoring to ensure ongoing compliance, security, and performance of cloud environments.
  • Understand how to evaluate shared responsibility models and ensure clarity in accountability between cloud providers and consumers.

Ensure Compliance and Alignment with Corporate Governance

  • Master the process of ensuring that cloud services comply with internal policies, standards, and legal requirements.
  • Learn how to align cloud operations and auditing processes with the organization’s governance, risk management, and compliance (GRC) strategies.
  • Gain expertise in mapping cloud controls to regulatory frameworks such as ISO 27001, GDPR, NIST, and SOC 2.

Transition from Traditional IT Auditing to Cloud and Hybrid Environments

  • Understand the unique challenges and considerations of auditing cloud environments compared to on-premises systems.
  • Develop the capability to assess hybrid architectures where workloads are distributed across multiple environments.
  • Learn how to adapt auditing techniques and control evaluations to the dynamic, elastic, and multi-tenant nature of cloud computing.

Leverage CSA and ISACA Best Practices

  • Apply globally recognized best practices and guidance from the Cloud Security Alliance (CSA) and ISACA to design and perform effective cloud audits.
  • Utilize the knowledge gained from CCAK to enhance collaboration between cloud service providers, consumers, and auditors.
  • Strengthen your ability to communicate audit findings and recommendations to both technical and executive stakeholders.

Develop Practical Cloud Auditing Competence

  • Gain hands-on insights into the use of continuous assurance, automation, and advanced audit tools to improve cloud compliance efficiency.
  • Learn how to document and report cloud audit outcomes effectively, providing actionable insights for risk mitigation and decision-making.
  • Build confidence in evaluating service-level agreements (SLAs), data protection mechanisms, and incident response readiness in cloud ecosystems.

Overall, the CCAK course empowers professionals to ensure that cloud services are secure, compliant, transparent, and aligned with organizational governance goals, while equipping them to transition seamlessly from traditional IT auditing to modern cloud and hybrid auditing practices.

Course Prerequisites

  • There are no formal prerequisites for enrolling in the Certificate of Cloud Auditing Knowledge (CCAK) course. However, it is highly recommended that participants have:
  • A basic understanding of cloud computing concepts, including cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid).
  • Some familiarity with IT auditing, risk management, or information security frameworks, which will help in understanding cloud-specific auditing practices.
  • Professionals holding certifications such as CCSK, CISA, CISM, CRISC, or ISO 27001 Lead Auditor may find the course content easier to grasp and more directly applicable to their work.
  • While not mandatory, prior experience in IT governance, security assessment, or compliance management will enhance the learning experience and help participants apply CCAK concepts more effectively in real-world environments.

Course Exam Info

  • The Certificate of Cloud Auditing Knowledge (CCAK) exam is designed to validate a candidate’s understanding of essential cloud auditing principles, standards, and practices. It assesses the ability to apply auditing techniques in cloud environments, evaluate cloud service providers, and ensure compliance with organizational and regulatory requirements.

Exam Details:

  • Exam Format: Online, proctored, multiple-choice questions
  • Number of Questions: 76
  • Exam Duration: 120 minutes (2 hours)
  • Passing Score: 70%
  • Exam Language: English
  • Delivery Method: Computer-based testing (CBT) through the ISACA/CSA platform

Exam Domains Covered:

  • Cloud Governance – Understanding frameworks, roles, and responsibilities in cloud governance.
  • Cloud Compliance Program – Establishing, implementing, and evaluating compliance programs in the cloud.
  • CCM and CAIQ – Applying the Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ).
  • Cloud Auditing Process – Conducting audits, risk assessments, and continuous assurance activities.
  • STAR Program – Evaluating the Security, Trust, Assurance, and Risk (STAR) registry and its levels.

Target Audience:

  • Cloud auditors and compliance professionals
  • IT auditors and information security specialists
  • Cloud security professionals and consultants
  • Risk and governance officers
  • Professionals seeking to enhance their cloud auditing expertise

Exam Preparation:
To prepare for the CCAK exam, candidates are encouraged to:

  • Complete the CCAK training course offered by CSA or ISACA.
  • Study official CCAK materials, including the Cloud Controls Matrix (CCM) and CAIQ documentation.
  • Review case studies and sample questions to understand real-world audit scenarios.
  • Participate in study groups or online learning communities focused on cloud auditing.

Certification Validity and Maintenance:

  • Upon passing the exam, candidates will receive the CCAK certificate jointly issued by the Cloud Security Alliance (CSA) and ISACA. The certification does not require renewal; however, certified professionals are encouraged to stay current with updates in cloud governance, compliance, and auditing practices.

Our Student Reviews

Émilie Laurent

iExperts knows what they're doing by recommending this. If you're responsible for cloud security compliance, you need a structured approach, and that’s exactly what this course provides. It gave me clarity on best practices for cloud audits and governance.

Arian Khosravi

Instructor well organised, interested in helping students, well prepared and I learned greatly from Instructor. My overall feedback and rating is 10 out of 10. Thanks.

Maria Novak

Evaluation Summary:

  • Trainer Style: 6/6
  • Trainer Subject Knowledge: 6/6
  • Rapport with the audience: 6/6
  • Preparation and Organization: 6/6
  • Would you attend another training session taught by this trainer? Yes
  • What did you like the most about the training? I loved the delivery from the trainer's side. Very enthusiastic and made the training really pleasant and interesting. Also very clear about the content he was delivering.


This course includes

  • Duration: 24 h
  • Vendor: CSA
  • Category: Cloud Computing
  • Certificate: Yes

Similar Courses

Certificate of Cloud Security Knowledge (CCSK)

The Certificate of Cloud Security Knowledge (CCSK) Foundation Course (V5) provides a deep understanding of cloud security fundamentals and progressively advances through all 12 domains of the CSA Security Guidance. It incorporates key recommendations from the European Union Agency for Network & Information Security (ENISA) and offers an overview of the Cloud Controls Matrix (CCM). This course equips learners with essential knowledge to understand, assess, and implement effective cloud security practices across diverse environments.

  • 24 h 4.8 (2765)
