VWO Logo
Request Demo

Cloud Security Alliance

Cloud Security Alliance

VWO Experience Optimization Platform supports the CSA STAR (Security, Trust, Assurance, Risk) registry program which encompasses key principles of transparency, rigorous auditing, and harmonization of standards that indicate best practices and validate the security posture of their services by CSA.

VWO and Cloud Security Alliance

Wingify is a member of the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote the use of best practices for providing security assurance with cloud computing. CSA has launched the Security, Trust, Assurance & Risk (STAR) registry, a publicly accessible registry that documents the security and cybersecurity controls provided by various cloud computing offerings.

VWO completed a publicly available Consensus Assessment Initiative Questionnaire (CAIQ) v4.0.2, based on the results of our due diligence Level1 Self-Assessment done under STAR program assurance, which includes the security controls and compliance required for VWO Experience Optimization Platform’s development, operations, management, governance, support, and in-scope services.

Customers are responsible for ensuring that they achieve compliance with CSA requirements.

Audit cycle: Wingify’s VWO Experience Optimization Platform is assessed at least annually against the CSA-CAIQ v4.0.2.

Refer to the following document for more details: 

  1. Consensus Assessment Initiative Questionnaire (CAIQ) v4.0.2

CSA-CAIQ Overview

The Cloud Security Alliance (CSA) Consensus Assessment Initiative Questionnaire (CAIQ) offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of YES/NO/N.A,  questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance with the Cloud Control Matrix (CCM). Companies who use the STAR (Security Trust Assurance Risk) program indicate best practices and validate the security and cybersecurity posture of their services, publicly accessible registry allows customers to assess their providers in order to make the best procurement decisions. 

In addition to improving the clarity and accuracy, it also supports better auditability of the CCM controls.