Cloud Service Providers
STAR enables solution providers to validate their cloud security and offer proof to current and future customers of the controls in place.
STAR lets cloud customers assess which organizations meet the level of assurance they require and gain insight into the controls in place to protect their data.
Auditors & Consultants
With STAR auditors can grow IT assurance business as a certified leader in cloud-specific security assurance.
About the STAR Program
The industry's most powerful program for security assurance in the cloud.
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
STAR Foundation Tools
GDPR Code of Conduct
Contains all the necessary requirements a Cloud Service Provider has to satisfy in order to comply with the EU GDPR. Created in collaboration with representatives from the EU national data protection authorities, this code assists organizations in adhering to the European General Data Protection Regulation.
Coalfire and Coalfire ISO, the accredited certification body arm of Coalfire, began offering STAR™ attestation and certification services as part of its product catalog in response to increasing customer requests. As part of feedback reviews, Coalfire determined that many of our clients were seeking guidance pertaining to assurance programs that would address compliance in the cloud. While other baseline security standards can be vague when addressing shared responsibilities between the cloud provider and cloud user, the Cloud Controls Matrix (CCM) understands that relationship and enforces design requirements for both parties before rating the degree of conformity for any given objective.
Senior Director, Coalfire
The STAR program is the absolute benchmark on cloud provider security -- covering a full range of aspects together in a leveled scale, allowing cloud providers to differentiate on their cloud security in a transparent manner. Ultimately, transparency at the cloud provider communicates the risks faced by the cloud user to the cloud user, which in turn enables the cloud user to prioritize resources in fulfilling their own requirements and responsibilities. The STAR program effectively facilitates a better relationship between cloud providers and cloud users: this is a unique aspect that cannot be replicated by other cloud security schemes.
Founder and CEO, Ribose Inc.
CSA STAR Certification is an assurance framework, enabling cloud service providers to embed cloud-specific security controls. The maturity model brings a continual focus on addressing the changing risk of this technology, which aligns with BSIs commitment to helping clients make excellence a habit. Our work with the CSA helps us drive the cloud security agenda and ensure STAR Certification remains aligned with the fast-moving industry developments.
Global Product Champion, Information Security, Business Continuity, BSI Group