CSA Official Press Release
The Cloud Security Alliance and BSI Launch STAR Certification Program
Part II of the Open Certification Framework for Cloud ProvidersSeptember 25, 2013 – Edinburgh, Scotland (CSA EMEA Congress) - The Cloud Security Alliance (CSA) and BSI, the business standards company, today announced the launch of the STAR Certification program, a rigorous third party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Control Matrix, a specified set of criteria that measures the capability levels of the cloud service. Organizations that outsource services to cloud service providers have a number of concerns about the security of their data and information. By achieving the STAR Certification, cloud providers of every size will be able to give prospective customers a greater understanding of their levels of security controls. “Especially in light of recent government revelations, both consumers and providers of cloud-based services have been asking for independent, technology-neutral certification to help them make more informed decisions about the services they purchase and use,” said Daniele Catteddu, Managing Director EMEA at CSA. “In providing a rigorous, user-centric assessment, STAR Certification will provide an additional layer of transparency that the industry has been calling for.” The STAR Certification is based upon achieving ISO/IEC 27001 and the specified set of criteria outlined in the Cloud Controls Matrix. There are 11 controls areas within this matrix covering compliance, data governance, facility security, human resources, information security, legal, operations management, risk management, release management, resiliency and security architecture. The independent assessment by an accredited CSA certification body, such as BSI, will assign a ‘Management Capability’ score to each of the 11 control areas. Each control will be scored on a specific maturity and will be measured against 5 management principles. The internal report will show organizations how mature their processes are and what areas they need to consider improving on to reach an optimum level of maturity. These levels will be designated as either “No”, “Bronze”, “Silver” or “Gold” awards. Certified organization will be listed on the CSA STAR Registry as “STAR Certified”. Elaine Munro, Head of Global Portfolio Management at BSI adds “Technological developments in the work place and desire for employees to be able to work flexibly have led to an increase in business demand for cloud services. However, many organizations are wary of cloud service due to a variety of security concerns. The STAR Certification will help alleviate this problem, as it will provide organizations and consumers with a clear benchmark on which to evaluate the performance of a cloud service provider.” The CSA and BSI will be giving a detailed outline of the new STAR Certification and Open Certification Framework to leading cloud specialists at the CSA EMEA Congress at 17:00 (GMT) today. For further information on STAR Certification, visit: https://cloudsecurityalliance.org/star/ Notes to editors Please note no certification can ever guarantee information is 100% secure, however, ISO/IEC 27001 certification combined with STAR certification ensures a cloud provider has an appropriate system for the type of information it is handling. About the Cloud Security Alliance The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at https://cloudsecurityalliance.org, and follow us on Twitter @cloudsa. About BSI BSI (British Standards Institution) is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. Formed in 1901, BSI was the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO). Over a century later it continues to facilitate business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards, many of which BSI originated. Renowned for its marks of excellence including the consumer recognized BSI Kitemark™, BSI’s influence spans multiple sectors including aerospace, construction, energy, engineering, finance, healthcare, IT and retail. With over 70,000 clients in 150 countries, BSI is an organization whose standards inspire excellence across the globe. To learn more, please visit www.bsigroup.com Media Contacts: Zenobia Godschalk CSA [email protected] +1 650.269.8315 Naomi Prior BSI [email protected] +44 20 8996 6330
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.