Financial institutions face many major challenges across all IT services as their cloud journey progresses. Cyber security governance, risk management, compliance, third-party vendor management, and assurance and accountability are just a few that scratch the surface. An essential component to solving these challenges is a standardized and mature security control framework.
CSA’s Cloud Control Matrix (CCM) has been adopted by several financial institutions and is recognized and appreciated by regulators. In 2022, CSA established a partnership with the Cyber Risk Institute (CRI), that lead to the creation of the “Cloud Profile,” an extension of the CCM and of the CRI Profile. The goal of this collaboration is to support financial institutions in navigating the complexity of cloud security compliance and assurance. CSA is also working alongside organizations such as the European Cloud User Council, the European and UK Cloud Pooled Audits groups, and IBM Financial Services, to further extend the CCM, the Financial Service Addendum, and ultimately improve its relevance for Financial Institutions and their Regulators.
This session will provide an overview of:
The Cloud Control Matrix
The Cloud Profile: what it is, key stakeholders involved, goal and objectives
The CCM Financial Service Addendum