<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">

SUITE OF SERVICES services menu

Hamburger-menu.png
MobileSearchIcon.png

CSA STAR PROGRAMS

STAR Program is a publicly available registry designed to recognize assurance requirements and maturity levels of cloud service providers (CSPs). Prior to issuing the guidance for STAR Certification and STAR Attestation, a CSP could only perform a self-assessment, which meant completing the Consensus Assessments Initiative questionnaire (CAIQ) and making the responses publicly available on the CSA Register.

TALK WITH A SPECIALISTRESOURCES

  • Ryan Mackie

    OUR CSA STAR CERTIFICATION SPECIALIST

    RYAN MACKIE

    CSA STAR SUBJECT MATTER EXPERT

    “The CSA produced the CCM as a comprehensive control set that includes the baseline of necessary controls, as well as best practices, for CSPs in today’s ever-changing information environment. CSPs have traditionally pointed to the CCM as an authoritative source. However, now organizations have the opportunity to undergo third party assessments through the STAR Certification or STAR Attestation programs. The program will now help validate maturity level or control activities, respectively, to the CCM and provide an additional assessment to the overall compliance program.”

  • Debbie Zaller CSA STAR Attestation Specialist

    OUR CSA STAR ATTESTATION SPECIALIST

    DEBBIE ZALLER

    PRINCIPAL AND CSA STAR SUBJECT MATTER EXPERT

    “The CSA produced the CCM as a comprehensive control set that includes the baseline of necessary controls, as well as best practices, for CSPs in today’s ever-changing information environment. CSPs have traditionally pointed to the CCM as an authoritative source. However, now organizations have the opportunity to undergo third party assessments through the STAR Certification or STAR Attestation programs. The program will now help validate maturity level or control activities, respectively, to the CCM and provide an additional assessment to the overall compliance program.”

CSA_Star_Certification.png

CSA STAR CERTIFICATION

The CSA STAR Certification is a third party independent assessment of the security of a CSP that leverages the requirements of the ISO/IEC 27001:2013 (ISO 27001) management system standard together with the CSA Cloud Controls Matrix (CCM) version 3.0.1. In order to achieve the STAR Certification, a CSP must already have an active ISO 27001 certification or have the STAR Certification assessment performed in tandem with an ISO 27001 certification review.

TALK WITH A SPECIALIST
CSA_Star_Attestation_1.png

CSA STAR ATTESTATION

The CSA STAR Attestation is a third party independent assessment of the security of a CSP. CSA STAR Attestation is a collaboration between the CSA and the American Institute of CPAs (AICPA) to provide guidance for CPA firms (or service auditors) to conduct STAR Attestations using criteria from the AICPA Trust Services Principles (TSP) and the Cloud Control Matrix (CCM). This assessment utilizes the SOC 2 framework to report on the suitability of the design and operating effectiveness of a CSP’s controls relevant to the applicable TSPs (which include Security, Availability, Confidentiality, Processing Integrity, and Privacy) and the suitability of the design and operating effectiveness of its controls in meeting the criteria in the CSA CCM.

TALK WITH A SPECIALIST
FEATURED INSIGHTS

FEATURED REPORT
Audit Readiness

7 STEPS TOWARD AUDIT READINESS

You wouldn’t do a presentation without preparing properly. The same goes for preparing for a compliance audit. Getting ready is a must for success. See how easy it can be.