What is CSA STAR?
The Security, Trust, Assurance and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. It encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM).
Levels of STAR
The STAR program has multiple levels of assurance:
- Level 1: Self-Assessment
- Level 2: Third-Party Audit
Level 1 is achieved through completion and submission of the Consensus Assessments Initiative Questionnaire (CAIQ v4) to show compliance with the Cloud Controls Matrix (CCM).
Level 2 is achieved through an independent assessment offered by third parties like MSECB. CSPs can obtain a STAR Attestation (for SOC 2) or a STAR Certification (for ISO/IEC 27001).
Benefits of CSA STAR Certification for Cloud Service Providers and Customers
- Decreases the security risks for all parties involved: CSPs, customers, and data owners.
- Shows CSPs' commitment to transparency and best practices.
- Serves as a great advertising tool and reinforces your reputation as a trustworthy CSP.