CSA STAR Attestation and STAR Certification Case Studies
Published 02/28/2021
As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. The CSA STAR Attestation and Certification are the first cloud-specific attestation and certification programs designed to meet this need.
CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Services Criteria) and the CSA Cloud Controls Matrix.
CSA STAR Certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix. Certification certificates follow normal ISO/IEC 27001 protocol and expire after three years unless updated.
Hear first hand from organizations who have gone through the process to become STAR certified. In this blog series we’ll highlight interviews with organizations that have already gone through the process to help answer questions you may have around STAR.
STAR Attestation Case Studies
CSA STAR Attestation; The first cloud-specific attestation program. Guest: Debbie Zallar; Principle, Schellman & Company LLC
In this episode we interview Debbie Zaller; Principal, practice leader, and SME for Schellman & Company, LLC who leads the Midwest Region along with the Privacy, SOC 2 and SOC 3 service lines. We take you inside a STAR attestation engagement following the process from start to finish along with discussing the value having successfully completed a STAR Attestation audit.
The Business Value of STAR Attestation
Ashwin Chaudhary Director and CEO of Accedere group discusses the STAR Attestation, the advantages of SOC2 plus CCM, and the business value it brings to organizations.
https://www.buzzsprout.com/303731/5924110-the-business-value-of-star-attestation
CSA STAR + SOC2 - From Readiness to Attestation
- What is CSA STAR & SOC2? What is CSA STAR & SOC2?
- What are the prevalent business drivers which lead to the necessity of obtaining a CSA STAR & SOC2 attestation?
- Why should my business plan for a CSA STAR & SOC2 rather than react to the demand for the attestation?
In this episode we interview Audrey Katcher; partner of RubinBrown’s Business Advisory Services Group, overseeing the group’s Information Technology Risk Services. She also serves as the Open Certification Framework Working group liaison for AICPA and made a significant contribution to the STAR Attestation guidelines. Audrey answers the above questions and more regarding STAR Attestation and the assessment process.
https://www.buzzsprout.com/303731/3927878-csa-star-soc2-from-readiness-to-attestation
STAR Certification Case Studies
CSA STAR Case Study - Guest: Deepak Gupta; Co-founder and CTO at LoginRadius
Listen as Deepak Gupta; Co-founder and CTO at LoginRadius shares his organization’s journey and approach to implementation. How they weaved the CCM controls into their current management system including all the stakeholders of the business as well as what challenges STAR solved for LoginRadius.
CSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QAD
Larry Greenblatt, Information Security Specialist at QAD walks listeners through his journey to CSA STAR Certification from business case to implementation to through the audit process. He also discusses the ROI of STAR and the importance of the maturity evaluation and how this has facilitated improving their business overall.
Get your service listed on the STAR Registry.
The Security, Trust, and Assurance Registry (STAR) registry is an excellent tool to improve transparency and establish trust with future and current customers. Find out more about the registry and which level is right for you.
Related Articles:
How Cloud-Native Architectures Reshape Security: SOC2 and Secrets Management
Published: 11/22/2024
It’s Time to Split the CISO Role if We Are to Save It
Published: 11/22/2024
Establishing an Always-Ready State with Continuous Controls Monitoring
Published: 11/21/2024
5 Big Cybersecurity Laws You Need to Know About Ahead of 2025
Published: 11/20/2024