Skip to navigation
Skip to main content
Skip to footer
NCC Group
Menu
Services
Open sub menu for Services
Incident Response
Incident Response
Incident Readiness
Cyber Incident Response Management
Incident Response Recovery
Cyber Incident Response Retainer
Technical Assurance
Technical Assurance
Penetration Testing Services
Social Engineering Prevention
Application Security
Attack Simulation
Hardware & Embedded Services
Network Infrastructure, Architecture & Container Security
Cloud Security Services
Cryptography & Encryption
Blockchain Security
Cyber Services Portal
Managed Services
Managed Services
Managed Extended Detection & Response (MXDR)
Network Detection & Response for OT
Vulnerability Scanning & Management
Bug Bounty & Vulnerability Disclosure Services
Attack Surface Management
Unified Cyber Platform
Consulting & Implementation
Consulting & Implementation
Identity & Access Management
Operational Technology
People: Training & Awareness
Strategy, Risk & Compliance
Project & Program Management
Threat Intelligence
Threat Intelligence
Online Exposure Monitoring
Digital Footprint Review
Solutions
Open sub menu for Solutions
Cloud Security & Transformation
Cyber Governance & Assurance
Digital Identity
Operational Technology (OT) Security
Proactive Security
Securing AI
Supply Chain & Third-Party Cyber Risk
Threat Detection & Response
Sectors
Open sub menu for Sectors
Financial Services Sector
Legal & Professional Services
Retail & Consumer Markets
Public Sector & Government Services
Transport Services
Technology, Media & Telecommunications Services
Energy & Utilities Services
Manufacturing Services
Health Services
Resources
Open sub menu for Resources
Newsroom
Resource Hub
Our Research
Event Hub
Case Studies
Cyber Threat Intelligence Reports
Global Cyber Policy Radar
Supply Chain Security Report
About Us
Open sub menu for About Us
Celebrating 25 years and beyond
About us
Our Values
Our Board & Executive Committee
Global Policy Advocacy
Office Locations
Sustainability
Investor Relations
Careers
Investors
Open sub menu for Investors
Investor Relations
Investor Relations
Why invest in NCC Group?
Share Price
Results & Media
RNS
Investor Toolkit
Corporate Governance
Investor Relations Contacts
Sustainability
Sustainability
Gender Pay Gap
Giving Back
Governance & Standards
Resources
Resources
Carbon Reduction Plan 2025
Annual Report 2025
Streamlined Energy and Carbon Reporting 2025
Anti-Bribery & Corruption
Anti-slavery and human trafficking
Code of Ethics
Gender Pay Gap
Supply Chain
Whistleblowing
Environmental Policy
Contact Us
Search
Client login
Open sub menu for Customer Portals
Managed Services Unified Cyber Platform (UCP)
Cyber Services Portal
Managed Scanning Customer Portal
Enter a search term
​
CASA Questionnaire
Please fill out our Questionnaire to get started on your CASA journey
Getting Started
Work Email
*
Please select the Google Cloud Application Security Assessment you are pursuing:
*
Gmail
Drive
Chat
Data Portability
Google FIT
Google Health
Photo Ambient
Google Workspace Security Badge, AL2 Only
Other
If "Other" please which Google Application Security Assessment
Did you pass OAuth Security Assessment or CASA last year?
*
Yes
No, this will be our first time
Has Google directed you to undergo a CASA Review? If yes, what is your Assurance Level (AL) Assignment?
*
If yes, NCC Group will require a copy of the email to 'google_casa@nccgroup.com'. Completing a CASA Review before Google has directed you to do so could result in a rejected LOV.
Yes, AL1
Yes, AL2
No, but we know it is required and are getting a head start on the process
No, we are Self-Initiating
Indicate all Google Restricted Scopes being used by your application/integration.
*
All current restricted scopes can be found here: https://support.google.com/cloud/answer/13464325
Your Company Information
Your Company Name (full name incl. Inc, LLC, etc.)
*
DUNS Number
*
Your Company Mail/Postal Address 1 (This is required for the LOA issuance):
*
Address 2:
City:
State/Providence:
*
Country:
*
Afghanistan
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Brazil
British Indian Ocean Territory
British Virgin Islands
Brunei
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo
Cook Islands
Costa Rica
Croatia
Cuba
Curaçao
Cyprus
Czech Republic
Côte d’Ivoire
Democratic Republic of the Congo
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Honduras
Hong Kong S.A.R., China
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macao S.A.R., China
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Korea
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestinian Territory
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Romania
Russia
Rwanda
Réunion
Saint Barthélemy
Saint Helena
Saint Kitts and Nevis
Saint Lucia
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Korea
South Sudan
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Swaziland
Sweden
Switzerland
Syria
Taiwan
Tajikistan
Tanzania
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
U.S. Virgin Islands
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican
Venezuela
Viet Nam
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe
Zip Code:
*
Corporate website address
*
Type your company's website address
Corporate phone number
*
Technical point of contact name:
*
Technical point of contact email:
*
Is the invoicing address the same as the company address provided* (If NO, please notify your NCC Group representative upon follow up)
*
Yes
No
About your Application
Google Project Number (NOT the "Project ID" or "Project Name". This should be a 12-digit number):
*
If you have multiple project numbers, please include an explanation of how each project number is utilized (Different applications, environments, platforms, regions, etc) .
Please state your LOV deadline, as provided by Google.
*
If a date was not provided, please input date 90 days from the date you received your last comms from Google.
Application Name and Version Number
*
Publicly Available Application URL:
*
Server Application Type(s) -- please select any of the following if directly exposed to the internet:
*
Open API-compatible REST API
Other REST API
SOAP API
GraphQL API
Web Sockets App
Other API (please list below)
Other server app type (please list below)
If "Other" please list:
Client Application Type(s) -- please select all that apply:
*
Web App with UI (including most/all Google functionality)
No Web App with UI (Or with no/limited Google functionality) (Please describe how your application integrates with Google and on what platforms below)
Android app
iOS app
Desktop app
Browser Extension
Add-On
API
Other (please list below)
If you indicated "No Web App with UI (or with no/limited Google functionality)", please describe how your application integrates with Google and on what platforms.
If 'Other' was selected in the previous question, please list:
If 'Android' or 'iOS App' indicated in previous question, can the OAuth flow be completed within the mobile app/web app?
Mobile: Yes
Mobile: No
Web: Yes
Web: Yes
Can you give a brief description of the application, how it uses Google user data, where it’s stored, how it’s transferred, and flows through your cloud architecture?
*
What is the size of the full application (total endpoints, APIs + App)?
*
1 – 250
251 – 700
701 – 1200
>1201
Best numeric estimate of total endpoints?
*
Does your application make use of Multi-Factor Authentication (MFA) for application end users (not administration)? If yes, can it be disabled for specific test accounts?
*
No, we do not use MFA for end users
Yes, we use MFA and can disable it for testing/test users
Yes, we use MFA but we CANNOT disable it for testing/test users
Are you intertested in additional pentesting services?
The Cloud Application Security Assessment to be completed by NCC Group is designed to determine if an application meets all of the App Defense Alliance requirements. This assessment is not, however, to be a full and complete penetration test of the application and should not be treated as such. As a separate engagement NCC Group can perform additional security services. Are there any pentesting efforts you are interested in?
Network/Infrastructure Testing
Web Application Assessment
Cloud Configuration Review
Other compliance or regulatory assessment(s)