<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">

SUITE OF SERVICES services menu
Hamburger-menu.png
MobileSearchIcon.png

CSA STAR PROGRAMS

STAR Program is a publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers (CSPs). Prior to issuing the guidance for STAR Certification and STAR Attestation, a CSP could only perform a self-assessment, which meant completing the Consensus Assessments Initiative questionnaire (CAIQ) and making the responses publicly available on the CSA Register.

TALK WITH A SPECIALISTRESOURCES

  • Ryan Mackie

    OUR CSA STAR CERTIFICATION SPECIALIST

    RYAN MACKIE

    CSA STAR SUBJECT MATTER EXPERT

    “The CSA produced the CCM as a comprehensive control set that includes the baseline of necessary controls, as well as best practices, for CSPs in today’s ever-changing information environment. CSPs have traditionally pointed to the CCM as an authoritative source. However, now organizations have the opportunity to undergo third party assessments through the STAR Certification or STAR Attestation programs. The program will now help validate maturity level or control activities, respectively, to the CCM and provide an additional assessment to the overall compliance program.”
  • Debbie Zaller CSA STAR Attestation Specialist

    OUR CSA STAR ATTESTATION SPECIALIST

    DEBBIE ZALLER

    PRINCIPAL AND CSA STAR SUBJECT MATTER EXPERT

    “The CSA produced the CCM as a comprehensive control set that includes the baseline of necessary controls, as well as best practices, for CSPs in today’s ever-changing information environment. CSPs have traditionally pointed to the CCM as an authoritative source. However, now organizations have the opportunity to undergo third party assessments through the STAR Certification or STAR Attestation programs. The program will now help validate maturity level or control activities, respectively, to the CCM and provide an additional assessment to the overall compliance program.”

Brightline Advantage Icon

THE SCHELLMAN ADVANTAGE

CSA STAR PROGRAMS

Schellman is the only firm that can offer both CSA STAR Certification and Attestation services to CSPs allowing companies to decrease internal costs and increase efficiencies.
MEET RYAN MEET DEBBIE
CSA_Star_Certification.png

CSA STAR CERTIFICATION

The CSA STAR Certification is a third party independent assessment of the security of a CSP that leverages the requirements of the ISO/IEC 27001:2013 (ISO 27001) management system standard together with the CSA Cloud Controls Matrix (CCM) version 3.0.1. In order to achieve the STAR Certification, a CSP must already have an active ISO 27001 certification or have the STAR Certification assessment performed in tandem with an ISO 27001 certification review.

TALK WITH A SPECIALIST
CSA_Star_Attestation_1.png

CSA STAR ATTESTATION

The CSA STAR Attestation is a third party independent assessment of the security of a CSP. CSA STAR Attestation is a collaboration between the CSA and the American Institute of CPAs (AICPA) to provide guidance for CPA firms (or service auditors) to conduct STAR Attestations using criteria from the AICPA Trust Services Principles (TSP) and the Cloud Control Matrix (CCM). This assessment utilizes the SOC 2 framework to report on the suitability of the design and operating effectiveness of a CSP’s controls relevant to the applicable TSPs (which include Security, Availability, Confidentiality, Processing Integrity, and Privacy) and the suitability of the design and operating effectiveness of its controls in meeting the criteria in the CSA CCM.

TALK WITH A SPECIALIST
FEATURED INSIGHTS
 

TALK WITH ONE OF

OUR SPECIALISTS

Our Schellman teams have experience performing thousands of cloud assessments for organization.
We’re here to answer any questions.

ABOUTCONTACTPRIVACY

        
Gartner Cool Vendor
Consulting Magazine's Best Firms to Work For
Accounting Today's Top 100 Firm

Copyright © 2002 - 2021 Schellman & Company, LLC.  All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.