What is CSA STAR?
The Security, Trust, Assurance and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. It encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM).
Levels of STAR
The STAR program has multiple levels of assurance:
- Level 1: Self-Assessment
- Level 2: Third-Party Audit
Level 1 is achieved through completion and submission of the Consensus Assessments Initiative Questionnaire (CAIQ v4) to show compliance with the Cloud Control Matrix (CCM).
Level 2 is achieved through an independent assessment offered by third parties like MSECB. CSPs can obtain a STAR Attestation (for SOC 2) or a STAR Certification (for ISO/IEC 27001).
How can MSECB help?
As a Corporate Member of CSA, we are authorized to provide third-party independent assessments (Level 2 STAR Certification) in conjunction with ISO/IEC 27001 audits.
Leverage from our expertise as a leading Certification Body for Information Security and Privacy and add CSA STAR Certification to your existing ISO/IEC 27001 certification (or do both together at the same time) and follow best practices to protect data in cloud applications and increase assurance for cloud security and privacy.