An independent auditor report is a method that a cloud service provider (CSP) can use with a cloud
customer when the CSP does not want to share security and control information. An independent
auditor report is a document that provides assurance on the CSP’s security and control environment,
based on an audit conducted by a qualified third-party auditor. The audit can be based on various
standards or frameworks, such as ISO 27001, SOC 2, or CSA STAR. The independent auditor report
can provide the cloud customer with the necessary information to evaluate the CSP’s security and
control posture, without disclosing sensitive or proprietary details. The CSP can also use the
independent auditor report to demonstrate compliance with relevant regulations or contractual
obligations.
References:
ISACA, Certificate of Cloud Auditing Knowledge (CCAK) Study Guide, 2021, pp. 83-84.
ISACA, Cloud Computing Audit Program, 2019, pp. 6-7.