CSA STAR Certification

Minimize risk and inspire trust with CSA Star Certification

Assuring cloud security and inspiring trust starts with auditing for adherence to standards and frameworks. Cloud Security Alliance (CSA) provides the publicly accessible Security, Trust, Assurance, and Risk (STAR) registry, which documents security and privacy controls used by cloud computing providers. This includes the harmonization of standards outlined in CSA's Cloud Controls Matrix.

Publishing to the STAR registry allows organizations to show current and potential customers their level of compliance. There are two levels an organization can achieve.

• Level 1 is a self-assessment that is suited for organizations operating in a low-risk environment. For the security assessment, organizations use the Cloud Controls Matrix to evaluate and document their security controls. The privacy assessment submissions are based on the GDPR Code of Conduct.
• Level 2 is a third-party assessment for organizations operating a medium to high risk environment. This level is suitable for organizations already adhering to any of the following: ISO 27001, SOC 2, GB/T 22080-2008, GDPR

The CSA Star certification is designed to work in tandem with ISO 27001 for cloud computing providers. ISO 27001 certification demonstrates that you have implemented an information security management system (ISMS) and general security controls.  In addition, CSA Star certification further acknowledges that your organization also features the particular security controls covered by the CSA Cloud Controls Matrix.

Cloud Service Providers that hold both ISO 27001 and CSA Star certifications prove to customers and other stakeholders that they meet a higher level of security and proactively protect data from cyber-attacks.