Cloud Service Providers
STAR enables solution providers to validate their cloud security and offer proof to current and future customers of the controls in place.
STAR lets cloud customers assess which organizations meet the level of assurance they require and gain insight into the controls in place to protect their data.
Auditors & Consultants
With STAR, auditors can grow their IT assurance business as certified leaders in cloud-specific security assurance.
About the STAR Program
The industry's most powerful program for security assurance in the cloud.
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies that use STAR indicate best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
Introducing STAR Continuous
STAR Continuous is the continuous compliance assessment program for cloud services. It promotes trust by ensuring that a cloud service’s necessary security and privacy requirements are continuously met.
Improving on the traditional point-in-time certification, STAR Continuous increases both trust and transparency. A cloud security certification is granted to a cloud service on the trust that its security posture is maintained between audits. However, there is often a considerable time gap between point-in-time audits, and adopting continuous auditing with an increased audit frequency reduces the chance that the security posture deviates. This empowers cloud service providers to make precise statements about the compliance status of the cloud services covered by the continuous audit process, achieving an “always up-to-date” compliance status.
A STAR Level 1 Self-Assessment has a validity of 12 months, after which the self-assessment documentation shall be re-submitted. All submissions of self-assessment documentation will be visible in the STAR Registry, and non-current documentation will be marked as “deprecated”.
STAR Foundation Tools
GDPR Code of Conduct
Contains all the necessary requirements a Cloud Service Provider has to satisfy in order to comply with the EU GDPR. Created in collaboration with representatives from the EU national data protection authorities, this code assists organizations in adhering to the European General Data Protection Regulation.