
CAIQ

Also known as: Consensus Assessments Initiative Questionnaire
SOC 2 · ISO 27001

Cloud Security Alliance's standardised cloud-provider security questionnaire (aligned to CCM).

The Cloud Security Alliance's Consensus Assessments Initiative Questionnaire (CAIQ) is a standardised yes/no questionnaire mapped to the CSA Cloud Controls Matrix (CCM). It is the canonical vendor questionnaire for cloud service providers.

Why it matters
Publishing a current CAIQ in the CSA STAR Registry is a fast credibility signal for cloud-buyer due diligence.

Related terms

SIG Questionnaire
Shared Assessments' standardised vendor security questionnaire (Core, Lite, custom).
Vendor / Third-Party Risk Management (TPRM)
Process for assessing, monitoring, and contracting security risk introduced by third parties.
Trust Page / Trust Center
Customer-facing page publishing security posture, compliance reports, sub-processors, status, and policies.
