ai · security · skills

Essay

The External-Assurance Artefact

Step-one deliverable: the AI Consensus Assessments Initiative Questionnaire (AI-CAIQ), pointed both ways — a Security, Trust, Assurance and Risk (STAR) for AI Level 1 submission for providers, a provider-evaluation pack for AI customers.

3 June 2026 · 5 min read · Binu Chacko

Situation

Self-assessment is where every program starts.

Complication

It is also where trust ends, unless there is a stated path to something a third party can hold.

The question

What can I hand an external party, and when?

The answer

The evidence ladder — self-assessed → measured → verified — and the specific artifact each rung produces.


The same questionnaire serves two audiences. If you provide AI services: a completed AI Consensus Assessments Initiative Questionnaire (AI-CAIQ) prepared for a Security, Trust, Assurance and Risk (STAR) for AI Level 1 self-assessment registry submission. If you consume them: a provider-evaluation pack that turns supply-chain due diligence from a vibe into a question set.

What the AI-CAIQ attests

The AI Consensus Assessments Initiative Questionnaire walks the same control spine as everything else in this practice — the 247 AI Controls Matrix (AICM) control objectives — as structured assessment questions. Because it shares that spine, your coverage assessment is most of the work: the questionnaire is the outward-facing form of answers you already evidenced inward.

What STAR for AI Level 1 is, and is not

  • It is a public, structured self-assessment listing in the Cloud Security Alliance (CSA) STAR registry: a transparency artefact your customers can read.
  • It is not independent certification. Level 1 is self-attested. Saying otherwise — in a deck, a sales call, an RFP answer — is exactly the kind of claim this practice refuses to make.

Assurance you can hand to a stranger is worth more than confidence you keep in a drawer — as long as you never label self-assessment as certification.

The provider-evaluation pack

Pointed the other way, the same questions grade your vendors. For each provider in your chain — the seats mapped in the SSRM ownership map — the pack asks for their answers and their evidence on the controls they own. A provider that cannot answer is itself a finding, and lands on the remediation roadmap as a supply-chain gap.

Cadence

Re-attest on material change — a new model provider, a new orchestration layer, a scope change — not on the calendar alone. The artefact is a snapshot; the chain it describes is not.

Instruments: Cloud Security Alliance (CSA) AI-CAIQ v1.1.0 and the STAR for AI Level 1 submission process, used with attribution per CSA terms. The AI-CAIQ in this practice is the assessment input; submission to the registry is the provider’s own act.

← Newer essay

The Prioritised Remediation Roadmap

Older essay →

Operating the Platform: A Leverage Guide

← Back to Insights

Subscribe for the next essay.