Cloud Computing Auditor Course prepares professionals to audit cloud environments, assessing controls, conformity and evidence across service models and shared responsibility. The training focuses on audit methodologies and practices applicable to cloud, supporting independent assessment and continuous improvement.
Quick Access: Introduction· Why this course exists· What this course enables· Frameworks and standards· Value· Objectives· Target audience· Prerequisites· Programme· Exam & Certification· Other information· Benefits· Logistics· FAQs· Registration
Upcoming dates
Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.
Live Online • next edition
Live Online • base price
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 3h
SPECIALIST LEVEL — advanced competences to address critical challenges in the field.
Why this course exists
To audit cloud with method, evidence and independence, considering shared responsibility, risk and third parties.
As organisations migrate to IaaS, PaaS and SaaS, auditing no longer depends only on “internal” controls and starts requiring clear criteria to assess shared responsibilities, contracts and available technical evidence. This course prepares professionals to perform rigorous cloud audits, with a focus on control, conformity, evidence and continuous improvement.
What this course enables you to do
Plan
Define the cloud audit strategy, scope, criteria, team and plan, aligning risk, contract and objectives.
Assess
Assess security, privacy, compliance and continuity controls in cloud, based on objective criteria.
Evidence
Collect, validate and support technical and documentary evidence, including contracts and SLAs, ensuring traceability.
Report
Produce clear and ethical reports, with findings, nonconformities and actionable recommendations.
Frameworks, standards and best practices addressed throughout the course
Deployment models & multicloud
Shared responsibility
ISO 19011 (audit)
ISO/IEC 27001 & ISO/IEC 27000 family
ISO/IEC 27017 & 27018 (cloud/PII)
Risk management (criteria & evidence)
Privacy & GDPR
Contracts, SLA & legal responsibility
Reporting, ethics & communication
ISO/IEC 17024 (personal certification — framework)
Value for the organisation
- More consistent cloud audits, with clear criteria and traceable evidence.
- Greater independent assessment capability for risk, control and compliance in cloud services.
- Reduced control failures arising from shared responsibility gaps and insufficient contracts.
- Reports with actionable recommendations for continuous improvement and stronger trust among clients and stakeholders.
Introduction
The Cloud Computing Auditor course prepares professionals to audit cloud computing environments with excellence, professionalism and security, based on international best practices.
The course covers essential and advanced knowledge for auditing cloud systems, from technical and standards-based fundamentals to the conduct of complex audits, enabling the participant to apply for one of three certification levels: Associate Auditor, Auditor or Lead Auditor.
At the end of the course, participants complete a full review session, with support for mapping the knowledge domains, and access an exam preparation test aligned with the syllabus and with the Behaviour certification model.
More than a technical course, this training is a complete competence development journey for those who wish to audit cloud environments with rigour, judgement and authority.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC — Portugal.
General Objectives
At the end of this course, participants will be able to:
- Understand the technical fundamentals of cloud computing and its impacts on security, risk and audit.
- Recognise cloud service and deployment models, as well as differences in responsibility, control and visibility of the audited environment.
- Apply practices, methods, techniques and tools appropriate for auditing cloud environments, considering different levels of complexity, risk and maturity.
- Assess security, privacy, compliance and continuity controls based on available evidence, contracts, documents and existing technical structures.
- Identify relevant findings, nonconformities and improvement opportunities, based on objective criteria and alignment with audit best practices.
- Prepare clear, ethical and well-supported reports, adapted to the target audience, with useful and actionable recommendations.
- Prepare to successfully take the Certified Cloud Computing Auditor (CCCA) certification exam and progress to Behaviour international certification, according to the defined criteria and prerequisites.
Target Audience
- Information systems / IT auditors who wish to expand their work into cloud auditing.
- Risk, compliance, cybersecurity or cloud project managers who need to understand applicable technical and standards-based criteria.
- IT, cloud architecture or operations professionals responsible for contracting, operating or governing cloud environments.
- Consultants and technical or legal experts in cybersecurity, IT, digital regulation or cloud computing who wish to become certified as cloud auditors.
- Professionals in career transition or anyone interested in acquiring solid and up-to-date competences in cloud auditing.
Prerequisites
There are no mandatory formal prerequisites. However, familiarity with cloud fundamentals, information security, risk management and audit is recommended, as well as exposure to IT service operation and governance contexts.
In addition, other specific requirements may apply, where relevant, depending on the quotation or proposal presented.
Programme
Cloud fundamentals and architecture
- Cloud fundamentals and concepts
- Technical architecture and cloud components
- Service models: IaaS, PaaS, SaaS
- Deployment models and multicloud strategy
- Case study — initial diagnosis
Risk, security and privacy in cloud
- Risk assessment in cloud
- Cloud security: access, data, cryptography
- Privacy and data protection
- Contracts, SLA and legal responsibility
- Case study — partial technical assessment
Cloud audit planning and execution
- Cloud audit planning (scope, criteria, approach)
- Audit execution: techniques and evidence
- Findings and conformity assessment
- Reporting, ethics and professional communication
- Case study — strategic conclusions
Review and final preparation
- Review — domains 1 to 6
- Preparation exam and closure
Exam(s) and Certification
Exam “Certified Cloud Computing Auditor”
- Domain 1: Cloud Fundamentals and Concepts
- Domain 2: Technical Architecture, Components and Service Models (IaaS, PaaS, SaaS) and Shared Responsibility
- Domain 3: Cloud Risk Assessment and Security (access, data, cryptography and controls)
- Domain 4: Privacy, Data Protection, Compliance and Continuity in Cloud
- Domain 5: Cloud Audit Planning and Execution (methods, techniques, evidence and traceability)
- Domain 6: Findings, Conformity Assessment, Reporting, Ethics and Professional Communication
Language(s): English and Portuguese (please consult BEHAVIOUR for availability in other languages).
Duration: 4 hours.
Exam type: Multiple-choice questions (classic) (4 options, 1 correct); mini-scenarios with associated questions; matching; ordering of steps / logical sequence; fill-in with embedded selection.
Number of questions: 150.
Pass mark: 105/150 points.
Results: Pass or Fail, with quantitative assessment.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months from the result date of the initial exam.
Certification (levels and requirements)
After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate achieves one of the following levels:
- CCCA Associate Auditor: no previous experience required.
- CCCA Auditor: 1 year of experience in cloud computing and auditing.
- CCCA Lead Auditor: 3 years of experience in cloud computing, auditing and leadership.
A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying. The certification is issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
The personal certification programme “Certified Cloud Computing Auditor” is developed and maintained in accordance with the international standard ISO/IEC 17024.
Certification programmes are valid only for individuals (not companies), and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement / Code of Ethics.
If the professional does not comply with the agreement / Code of Ethics, the certification is not granted or is revoked.
Other Information
General Information
- Training available in Portuguese or English.
- Online materials available in Portuguese and English, with online access, in accordance with the awarded conditions.
- Behaviour digital Training Attendance Certificate with 40 CPD/CPE credits.
- Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
- If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
- Digital Certification Diploma and Digital Certification Badge after passing the exam and completing the application process. This registration has no associated cost.
Trainer(s)
Benefits
View benefits
- Ability to audit cloud with a focus on independence, evidence and professional judgement.
- Better interpretation of shared responsibility, contracts and SLAs, reducing risks arising from contractual and operational gaps.
- Consolidated criteria to assess controls related to access, data, cryptography, monitoring, incident response and continuity.
- More useful audit reports for management and technical teams: clear findings and actionable recommendations.
- Practical and application-oriented training, with case study and evidence analysis exercises.
Logistics
Useful information
- Live Online (synchronous time): 09h30–13h00 (15 min break at 11h00) and 14h00–17h30 (15 min break at 16h00) — Lisbon (Portugal)
- 28 hours of synchronous training, distributed across 4 days
- Estimated 12 hours of guided autonomous work, intended for content consolidation and exam preparation
- Requirements: computer with stable internet, browser, PDF reader and audio/video
Hotels in Lisbon
Frequently Asked Questions
Objective answers to the most common questions about the Cloud Computing Auditor Course.
Is this course vendor-neutral (AWS/Azure/GCP) or focused on one provider?
What is the difference between cloud auditing and “traditional” IT auditing?
What type of evidence is typically analysed in a cloud audit?
Does the course address privacy and data protection audits in cloud?
Which “real” deliverables become easier to produce after the course?
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.
Registration
Complete the form to request your registration for the preferred edition. Check the upcoming dates.
Request more information
If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Request Information
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
Request Proposal
This course may be attended by individual professionals. It can also be integrated into capability-building paths for teams that need to audit cloud services and environments with a focus on risk, control and compliance.