

For organisations that are planning ‘Cloud First’ Transformation strategies, our Cloud Security Architecture Assessment Service gives you an objective assessment of your compliance readiness with the 14 Cloud Security Principles (14 CSPs), or the Cloud Security Alliance’s Cloud Controls Matrix (CSA CCM). Our Cloud Security Architecture Assessment Service is listed on the G-Cloud 11 Framework under Lot ‘Cloud Support’.

Benefits Of Adoption

Both the 14 CSPs and the CSA CCM are applicable to and highly recommended for any organisation offering Cloud services. The frameworks are also applicable to organisations that use the Cloud for internal hosting of corporate data or services. Compliance with either of these standards is achieved by adopting appropriate controls to meet the specified criteria defined within each framework. Compliance requires a systematic review of services and processes, covering the Cloud infrastructure and how it is managed across the data lifecycle.

The 14 CSPs are defined by the National Cyber Security Centre and provide a comprehensive set of security controls for operation within the Cloud:

1. Data in transit protection

2. Asset protection and resilience

3. Separation between users

4. Governance framework

5. Operational security

6. Personnel security

7. Secure development

8. Supply chain security

9. Secure user management

10. Identity and authentication

11. External interface protection

12. Secure service administration

13. Audit information for users

14. Secure use of the service


The CSA CCM provides a framework that gives a detailed understanding of security concepts and principles that are aligned with the CSA guidance in 16 domains:

1. Application & Interface Security

2. Audit Assurance & Compliance

3. Business Continuity Management & Operational Resilience

4. Change Control & Configuration Management

5. Data Security & Information Lifecycle Management

6. Datacenter Security

7. Encryption & Key Management

8. Governance and Risk Management

9. Human Resources

10. Identity & Access Management

11. Infrastructure & Virtualization Security

12. Interoperability & Portability

13. Mobile Security

14. Security Incident Management, E-Discovery & Cloud Forensics

15. Supply Chain Management, Transparency & Accountability

16. Threat and Vulnerability Management



Our Cloud Security Architecture Assessment Service begins with an on-site readiness assessment of your conformance to the requirements outlined by the 14 CSPs, or the CSA CCM, focusing on your people, processes and technology. It includes interviews with senior stakeholders within the organisation responsible for cloud services, a high-level review of documentation, and a review of the information security management system (ISMS), technical controls and processes.

Following the readiness assessment, you will be given a detailed report highlighting the findings of our visit. This report will document non-compliances and areas of improvement that will need to be addressed in order to meet the requirements of the framework. We can provide further consultancy support and advice to help remediate any identified gaps.


Recent Project Example

Information Risk Management & GDPR Consultancy for Online Financial Product Comparison Business

A market-leading online financial products provider engaged Cyber Smart Associates to help guide their cyber security improvement and GDPR compliance journey. They needed to understand and demonstrate their InfoSec and Data Privacy Risk position, and wanted customers to have confidence and trust in their services. Cyber Smart Associates reviewed the integration of their people with processes and technology, and steered their IT Delivery Organisation down a smooth path towards a robust and resilient application development culture, while avoiding the common pitfalls that can waste time, effort and money.