Summary
Whistic's CSA integration provides access through the Whistic Trust Center Exchange to select vendor CAIQ (Consensus Assessments Initiative Questionnaire) responses through our partnership with the Cloud Security Alliance (CSA). This feature allows you to review vendor security assessments directly from the CSA STAR Registry, streamlining your vendor evaluation process by accessing pre-completed questionnaires from trusted industry sources.
The Trust Center Exchange displays CSA STAR Registry Level 1 CAIQs that our Technical Programs and Development teams pull regularly via CSA's API, typically updated every 3-6 months to ensure current information availability.
🚀 Getting Started
The CSA Trust Center Exchange integration allows you to access vendor security assessments without requiring vendors to complete separate questionnaires. This feature leverages existing CSA STAR Registry data to provide standardized security information.
What's Available:
- CSA STAR Registry Level 1 CAIQ responses
- Standardized security assessment data
- Direct integration with CSA's official registry
- Regular updates every 3-6 months
Important Notes:
- Only standard CSA CAIQ templates are supported
- Customized CAIQs uploaded by vendors to CSA cannot be imported
- Content availability depends on what vendors have published in the CSA STAR Registry
🔍 How to Access CSA Content
Viewing Available Content (Free Account)
- Log into your Whistic account
- Navigate to the Trust Center Exchange section
- Browse available CSA content to see what vendor assessments are accessible
Note: Accessing the data requires a paid account.
Accessing and Using CSA Content (Paid Account Required)
- Confirm Account Eligibility:
  - Contact your Whistic Customer Success Manager to verify your account qualifications
  - Ensure your account has the necessary permissions to import and view Trust Center Exchange information
- Access Vendor Assessments:
  - Navigate to the Trust Center Exchange in Whistic
  - Locate the specific vendor you want to evaluate
  - Upon identifying a CAIQ questionnaire that has been imported by the vendor, click Import to obtain those details
- Conduct Assessment Review:
  - Analyze the CAIQ responses against your security requirements
  - Compare vendor controls to your organization's standards
  - Document findings and make informed vendor decisions
🔐 Account Requirements
Access to CSA content in the Whistic Trust Center Exchange depends on your account type. Free accounts can browse available vendor listings, while a paid account is required to import and review actual CAIQ data. Contact your Whistic Customer Success Manager to confirm your account's eligibility and ensure the necessary permissions are in place.
❓ FAQ
Why isn't more CSA content available in the Trust Center Exchange?
Currently, we focus on CSA STAR Registry Level 1 CAIQs as other Level 1 or Level 2 data was not accessible when we originally built the integration. Our Technical Programs team continues to evaluate opportunities to expand content availability based on CSA API capabilities and customer needs.
Why doesn't the Whistic CAIQ match exactly with what I see on the CSA website?
Our integration pulls data regularly every 3-6 months, so there may be timing differences between updates.
Can Whistic import customized CAIQs that vendors upload to CSA?
No, our system currently only accepts the exact CSA CAIQ file template and other industry standard formats. We cannot pull in CAIQs that have been customized or modified by vendors before uploading to the CSA STAR Registry.
How often is the CSA content updated in Whistic?
Our Technical Programs and Development teams update the CSA Trust Center Exchange content every 3-6 months by pulling fresh data from the CSA STAR Registry via their API. This ensures reasonably current information while managing system resources effectively.
What if I can't find a specific vendor in the Trust Center Exchange?
Vendor availability depends on their participation in the CSA STAR Registry and publication of Level 1 CAIQ data. If a vendor isn't listed, they may not have published their assessment to the CSA registry, or their submission may not meet our import criteria.
Do I need special permissions to access CSA content?
Free accounts can browse what's available, but accessing actual CAIQ data for vendor assessments requires a paid account with proper setup. Contact your Whistic representative to ensure your account has the necessary permissions and complete any required setup processes.