Using the CAIQ for non-commercial use is free of charge. If you are going to simply utilize the questionnaire to assess the security of potential and current cloud providers to the organization. Then that would fall under non-commercial use. The only stipulation is that you cannot modify it in anyway. I have provided the full copyright statement and policy below.
We highly recommend (of course optional) that you urge your suppliers to upload their self-assessment to the STAR Registry. By doing that, it is logged and maintained within the public registry and is required to be updated once a year. This process is maintained by CSA and organizations are sent a reminder that the entry is nearing expiration. My guess is you may require this anyway but CSA eliminates the need for you to manage that process. Furthermore, you will have access to it anytime by simply going to the registry which also eliminates the need for you to store it or file it.
For the cloud provider, it is an incentive to respond positively to your request because once filled out and submitted they can just send a link to anyone else that may make a similar request eliminating redundancy and handling multiple requests. This is all free of charge.
CCM & CAIQ are free to use by anyone for non-commercial purposes according to the policy below:
---------------------------------
CCM/CAIQ Licensing Model - 2021
Current CCM/CAIQ Copyright Policy
© Copyright 2015-2021 Cloud Security Alliance - All rights reserved. You may download, store, display on your computer, view, print, and link to the Cloud Security Alliance “Cloud Controls Matrix (CCM)” or Consensus Assessment Initiative Questionnaire (CAIQ) at http://www.cloudsecurityalliance.org subject to the following: (a) the CCM and CAIQ may be used solely for your personal, informational, non-commercial use; (b) the CCM and CAIQ and their original templates may not be modified or altered in any way; (c) the CCM and CAIQ may not be redistributed. The sole form of redistribution permitted is to allow CSPs to provide their own filled-out CAIQ to customers; and (d) the trademark, copyright, or other notices may not be removed. You may quote portions of the CCM and CAIQ as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Security Alliance Cloud Controls Matrix. If you are interested in obtaining a license to this material for other usages not addressed in the copyright notice, please contact support@cloudsecurityalliance.org.
1) CSA Corporate Members are entitled to modify CCM and CAIQ and use it for non-commercial purposes.
2) For any organization that wants to use CCM and CAIQ for commercial exploitation the following pricing policy applies:
CSA Executive members |
CSA Corporate members |
Non Members |
|
1 Year |
10,000 USD |
15,000 USD |
30,000 USD |
2 Year |
18,000 USD |
27,000 USD |
54,000 USD |
5 Years |
40,000 USD |
60,000 USD |
120,000 USD |
10 Years |
70,000 USD |
105,000 USD |
210,000 USD |
NOTE: for commercial exploitation of CCM/CAIQ examples are products and services that are sold to the public.
- Software-based products such as 3rd party risk assessment solutions and other tools.
- Services, such as consultancy assessment methodologies, audits, and evaluation approaches, etc.
NOTE 2: In the cases, where a CSA corporate member requests a multi-annual license, it will be required to prepay the membership for a number of years equal to the length of the license.
Comments
0 comments
Please sign in to leave a comment.