The STAR Program is a publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers (CSPs). Prior to the issuance of the guidance for STAR Certification and STAR Attestation, a CSP could only perform a self-assessment, which meant completing the Consensus Assessments Initiative Questionnaire (CAIQ) and making the responses publicly available on the CSA Register.
“The CSA produced the CCM as a comprehensive control set that includes the baseline of necessary controls, as well as best practices, for CSPs in today’s ever-changing information environment. CSPs have traditionally pointed to the CCM as an authoritative source. However, now organizations have the opportunity to undergo third party assessments through the STAR Certification or STAR Attestation programs. The program will now help validate maturity level or control activities, respectively, to the CCM and provide an additional assessment to the overall compliance program.”
Schellman is the only firm that can offer both CSA STAR Certification and Attestation services to CSPs, allowing companies to decrease internal costs and increase efficiencies.
The CSA STAR Certification is a third party independent assessment of the security of a CSP that leverages the requirements of the ISO/IEC 27001:2013 (ISO 27001) management system standard together with the CSA Cloud Controls Matrix (CCM) version 3.0.1. In order to achieve the STAR Certification, a CSP must already have an active ISO 27001 certification or have the STAR Certification assessment performed in tandem with an ISO 27001 certification review.
The CSA STAR Attestation is a third party independent assessment of the security of a CSP. CSA STAR Attestation is a collaboration between the CSA and the American Institute of CPAs (AICPA) to provide guidance for CPA firms (or service auditors) to conduct STAR Attestations using criteria from the AICPA Trust Services Principles (TSP) and the Cloud Controls Matrix (CCM). This assessment utilizes the SOC 2 framework to report on the suitability of the design and operating effectiveness of a CSP’s controls relevant to the applicable TSPs (which include Security, Availability, Confidentiality, Processing Integrity, and Privacy) and the suitability of the design and operating effectiveness of its controls in meeting the criteria in the CSA CCM.
Our Schellman teams have experience performing thousands of cloud assessments for organizations.