Course 126: Conducting cloud service provider IT security assessment


This course is designed based on the Canadian Centre for Cyber Security (Cyber Centre) Cloud Assessment Program methodology. In this course, you will gain the ability to assess Software as a Service (SaaS) vendors. This course will give you an in-depth understanding of how-to set up an assessment team, the overall methodology to conduct an assessment including evaluating controls, calculating residual risk, and creating IT security assessment reports. Information on the Cyber Centre Supply chain integrity program, the Public Services and Procurement Canada (PSPC) Contract security program and engaging with the Cyber Centre Cloud architecture oversight and verification team will also be presented.


Upon successful completion, the participants will be able to:

  • describe the Cyber Centre’s Cloud Assessment methodology and usage to assess Software as a Service (SaaS) vendors
  • recall how to set up an assessment team including roles and responsibilities
  • describe the role of the Cyber Centre Supply chain integrity program and the PSPC Contract security program
  • explain the role of the Cyber Centre Oversight and Verification team

Target audience

The target audience of this course is professionals in IT roles, such as IT practitioners, architects and security analysts, project managers, and coordinators, who participate in the conduct of Security Assessment and Authorization (SA&A) assessments or the implementation of cloud service controls.


It is strongly recommended that participants have previous knowledge in cloud computing, IT security risk management, and threat risk assessments. This knowledge could be gained by attending course 910 - IT security risk management boot camp.

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: