STAR Registry: Security on the Cloud Verified

Introducing CAIQ-Lite (Beta Version)

We are excited to announce the creation and launch of the Consensus Assessments Initiative Questionnaire (CAIQ) Lite. CAIQ-Lite can be accessed by CSA members for free on CSA as well as from our industry partner Whistic.

Based upon months of analyzing feedback, conducting research and testing, and applying proper weighting and selection, CSA and Whistic are collaboratively releasing CAIQ-Lite.

In order to accommodate the shift to cloud procurement models, CSA and Whistic identified the need for a streamlined assessment questionnaire to better arm cybersecurity professionals to efficiently engage their cloud vendors. CAIQ-Lite was developed to match the rapid pace inherent within the cybersecurity environment, placing increased importance on vendor security questionnaire adoption.

The whitepaper providing further detail on CAIQ-Lite is available for download here.


Below is a brief CAIQ-Lite overview:

  • 73 Questions
  • 16 Control Domains remain (CCM 3.0.1)
  • Leveraged panel of hundreds of IT security professionals
  • CSA Member testing & feedback
  • Whistic Customer testing & feedback
  • Utilization of proprietary scoring algorithm
  • Free CSA Member Access

Additionally, if you already have a CAIQ on STAR, a CAIQ-Lite will automatically be created on the Whistic Platform.

STAR for Cloud Service Providers

The Security, Trust, Assurance and Risk (STAR) registry is a cost effective solution that decreases complexity while increasing trust and transparency. Demonstrate your adherence to security and privacy best practices to future and current customers by submitting to the registry.

Benefits for Cloud Service Providers

  • Accelerate sales cycle
  • Solidify position as a trusted provider of cloud services
  • Better build, establish and maintain a robust security program
  • Expand business by helping customers navigate secure cloud adoption
  • Be part of a global database that is becoming the marketplace for providers used by cloud users

Enhance Industry Standards

Demonstrate increased cloud computing maturity via additional certification. If your organization is already compliant with one of the following you can use STAR to add on to previous compliance initiatives to make them specific to the cloud:

  • ISO27001
  • SOC 2
  • GB/T 22080-2008

Which Level of STAR is Right for Your Organization?

Figure: CSA STAR Open Certification Framework Diagram

The level you should pursue depends on the level of responsibility you have in the shared responsibility model and the levels of assurance and transparency you need to provide.

Level 1

  • Operating in a low-risk environment
  • Want to offer increased transparency into the security controls in place
  • Looking for a cost-effective way to improve trust and transparency

Level 2

  • Operating in a medium-high risk environment
  • Already hold the following: ISO27001, SOC 2, or GB/T 22080-2008
  • Looking for a cost-effective way to increase assurance for cloud security and privacy

Level 3

  • Operating in a high-risk environment
  • Want to offer a high level of transparency
  • Your organization is a full-service CSP

Your requirements may change depending on your risk level, along with associated regulations, contracts and mandates.
If you need additional help, please feel free to contact us.

How to Get Started

  1. Download the Cloud Controls Matrix (CCM) and read it; understand the content and requirements.
  2. Discover information on our website, including the CSA Cloud Controls Matrix (CCM), Consensus Assessments Initiative Questionnaire (CAIQ) and Open Certification Framework.
  3. Utilize the self-assessment (CAIQ) tool to analyze where you are relative to the STAR requirements.
  4. Contact us to discuss next steps and how to best improve your business and obtain the benefits of CSA and the STAR Registry.
  5. Submit to the STAR Registry.

STAR for Cloud Customers

Improve the security and privacy program within your organization. STAR lets you gain insight into the controls in place to protect your data. Assess both your internal level of assurance, and the level of assurance offered by your cloud providers. Whether you moved to the cloud or are considering migrating in the near future, STAR can help you manage your security and privacy programs more effectively.

With STAR you can leverage:

  • The STAR registry as a trusted source of information on the security and privacy posture of CSPs. It enforces accountability and lets you build a coherent GRC program.
  • The STAR compliance program which lets you select the level of transparency and assurance you require from CSPs.
  • The STAR Foundation tools (CCM, CAIQ, GDPR CoC) to support your own GRC approach and ensure language alignment between you and your CSP.

STAR offers different levels of transparency & assurance. After you've selected the appropriate level for your organization you can check your cloud service provider's status in the STAR registry.

CSA STAR Levels and Scheme Requirements

Learn more about the requirements for the 3 levels of trust, transparency & privacy by downloading the guide to the CSA STAR Level and Scheme Requirements.

How to Get Started with STAR

Determine Level of Trust & Transparency Required

  • Low-Risk Organizations: Level 1 is a good place to start. If it is decided later that you require greater assurance from your provider you can request them to complete level 2.
  • Medium-Risk Organizations: Level 2 is good for organizations with a moderate amount of risk. You can request a self-assessment along with a 3rd-party certification to provide your management with both transparency and assurance.
  • High-Risk Organizations: Level 3 is designed for organizations operating in high-risk environments (examples: finance, healthcare, government, etc.). Continuous auditing offers organizations the highest level of both transparency and assurance to keep your organization safe on the cloud.

Learn more about STAR levels >

Browse Registered Cloud Providers in the CSA STAR Registry

The CSA STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.

View the CSA STAR registry >

Resources & STAR Foundation Tools

STAR Foundation Tools

STAR is based upon the following CSA frameworks and tools. Click the links below to download these tools and start using them to improve your security and privacy program:

Free Vendor Risk Management Tool

The CSA-OneTrust VRM tool lets you automate the entire vendor management lifecycle, including onboarding and offboarding vendors, triaging vendors, populating vendor information and monitoring the vendor risk lifecycle, all while maintaining records for accountability and compliance purposes. It comes pre-populated with the STAR foundation tools.

Submit Complaint

Click the link below to submit a complaint for cloud service providers with inaccurate information listed on the STAR Registry.

STAR for Auditors & Consultants

With STAR you can grow your business as a leader in cloud-specific security and privacy assurance services. As a CSA STAR Auditor, you can build on existing auditing standards (SOC2, ISO/IEC 27001, GDPR) with a cloud specific overlay. As a CSA Global Consultant, you can help users and providers implement effective governance and compliance programs for the cloud.

Learn more about partnering with CSA

Contact Us

STAR Benefits for Auditors

  • Build on existing certification and attestation standards (SOC2, ISO/IEC 27001) with a cloud specific overlay based on CSA best practices.
  • Remain current on cloud best practices, regulations and standards.
  • Build the future of compliance based on the continuous auditing approach.

STAR Benefits for Consultants

  • Expand business by helping customers successfully navigate secure and privacy compliant cloud adoption.
  • Extend offerings to include best practices that support trusted cloud environments.
  • Collaborate with clients as they explore new business models to grow their business.
  • Become a global consultant

Offer cloud providers a higher level of assurance through an independent third-party assessment.

STAR Certification

A technology-neutral certification leveraging the requirements of the ISO/IEC 27001 management system standard together with the CSA Cloud Controls Matrix.

STAR Attestation

Based on type 1 or type 2 SOC attestations supplemented by the criteria in the Cloud Controls Matrix (CCM).

C-STAR Assessment

A third party independent assessment of the security of a cloud service provider for the Greater China market that harmonizes CSA best practices with Chinese national standards.

GDPR Code of Conduct Certification

The GDPR CoC Certification is a third-party certification assuring compliance of a CSP’s services to GDPR.

Learn more about the different levels of STAR >

Leveraging STAR for Privacy & Security

Guide your customers in adopting the STAR Program for both privacy and security. STAR offers a complete program that covers both operational security (CCM/CAIQ) and privacy legal compliance (GDPR CoC).

  • Help your customer implement a governance, risk & compliance program built on the CSA security and privacy best practices in the CCM, CAIQ, and GDPR CoC.
  • Use the STAR registry to help your customers improve their vendor management/procurement process.
  • Offer your customers access to the free CSA-OneTrust Vendor Risk Management tool.

Resources

Learn more about partnering with CSA

Become a Security Assessment Firm

Are you interested in partnering with CSA to offer third-party certifications or attestations? Read the following documents to get started:

Then contact us to learn more about becoming a STAR approved auditor or certification body.

Become a GDPR Assessment Firm

Ensure your organization understands the principles of CSA GDPR CoC and the roles individuals in your organization will need to play. Then contact us to discuss the next steps in becoming a CSA GDPR assessment firm.


Validating Authenticity of STAR Registry Files

File attachments in the CSA STAR Registry are compressed and digitally signed with gpg (GnuPG) 2.2.3. The key below can be used to verify each file’s authenticity.

Signature Details

Username: "CloudSecurityAlliance STARWatch"
Fingerprint: 0795 5495 94D1 0ACF 2F9B 3EC1 D9C7 ECF0 7A82 41C6
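
Pinning verification to the fingerprint listed above, as an added example (not CSA's own tooling): it assumes the signing key is already imported into the local keyring and that each download carries an embedded signature. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Fingerprint as published under "Signature Details", spaces removed.
STAR_FPR="0795549594D10ACF2F9B3EC1D9C7ECF07A8241C6"

# Read `gpg --status-fd` output on stdin. Succeed only if a VALIDSIG line
# names the pinned key, either as the signing key (field 3) or as its
# primary key (last field), and no line reports a bad signature or an
# expired or revoked key.
status_is_pinned() {
    awk -v want="$STAR_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG") {
            bad = 1
        }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# Verify one downloaded file (path is a placeholder supplied by the caller).
# Assumption: the signature is embedded in the file, so --verify needs
# no separate .sig argument.
verify_star_file() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null | status_is_pinned
}

# Constructed status output: a valid signature from the pinned key.
SAMPLE_PINNED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D9C7ECF07A8241C6 CloudSecurityAlliance STARWatch
[GNUPG:] VALIDSIG 0795549594D10ACF2F9B3EC1D9C7ECF07A8241C6 2019-01-01 1546300800 0 4 0 1 8 00 0795549594D10ACF2F9B3EC1D9C7ECF07A8241C6'

# Constructed status output: a cryptographically valid signature, but made
# by some other key that happens to be in the keyring.
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Someone Else
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2019-01-01 1546300800 0 4 0 1 8 00 1111111111111111111111111111111111111111'

if printf '%s\n' "$SAMPLE_PINNED" | status_is_pinned; then
    echo "sample 1: signed by the pinned STAR key"
fi
if ! printf '%s\n' "$SAMPLE_OTHER" | status_is_pinned; then
    echo "sample 2: rejected, signer is not the pinned STAR key"
fi
```

Checking the fingerprint in the status output matters because a plain `gpg --verify` exit code of 0 only says that some key in the keyring produced the signature.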


The industry's most powerful program for security assurance in the cloud.

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.

STAR Continuous

STAR Continuous is the continuous compliance assessment program for cloud services. It promotes trust by ensuring that a cloud service’s necessary security and privacy requirements are continuously met.

Improving on the traditional point-in-time certification, STAR Continuous increases both trust and transparency. A cloud security certification is granted to a cloud service on the trust that its security posture is maintained between audits. However, point-in-time audits often leave a considerable time gap between them; by adopting continuous auditing with an increased audit frequency, the chance of the security posture deviating is reduced. This empowers cloud service providers to make precise statements on the compliance status of their cloud services covered by the continuous audit process, achieving an “always up-to-date” compliance status.

Learn more about how to implement STAR Continuous within your organization or for your cloud service provider by downloading the Technical Guidance or Client Brochure.

Open Certification Framework

The STAR Program is founded on the Open Certification Framework displayed below. The framework provides a flexible, incremental and multi-layered cloud provider certification according to CSA’s industry leading security guidance and control objectives.

Figure: CSA STAR Open Certification Framework Diagram

Self-assessment - CSA STAR Level 1

CSA STAR Self-Assessment

CSA STAR Self-Assessment is a complimentary offering that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering using. Cloud providers either submit a completed Consensus Assessments Initiative Questionnaire (CAIQ), or submit a report documenting compliance with the Cloud Controls Matrix (CCM). This information then becomes publicly available, promoting industry transparency and providing customer visibility into specific provider security practices.

GDPR Code of Conduct Self-Assessment

The Code Self-Assessment consists of the voluntary publication on the STAR Registry of two documents:

The Code Self-Assessment covers the compliance to GDPR of the service(s) offered by a CSP. A company after the publication of the relevant document on the Registry will receive a Compliance Mark valid for 1 year. The Self-Assessment shall be revised every time there’s a change to the company policies or practices related to the service under assessment.

Third Party Certification - CSA STAR Level 2

Level 2 of STAR allows organizations to build off of other industry certifications and standards to make them specific for the cloud.

CSA STAR Attestation

CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. STAR Attestation provides for rigorous third party independent assessments of cloud providers.

CSA STAR Certification

The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix.

CSA C-STAR Assessment

The CSA C-STAR Assessment is a robust third party independent assessment of the security of a cloud service provider for the Greater China market that harmonizes CSA best practices with Chinese national standards. C-STAR leverages the requirements of the GB/T 22080-2008 management system standard together with the CSA Cloud Controls Matrix, plus 29 related controls selected from GB/T 22239-2008 and GB/Z 28828-2012.

GDPR Code of Conduct Certification

The GDPR CoC Certification is a third-party certification assuring compliance of a CSP’s services to GDPR based off of the CSA Code of Conduct for GDPR.

Full Cloud Assurance and Transparency - CSA STAR Level 3

If your organization operates in a high-risk environment, then we recommend pursuing STAR Level 3.

CSA STAR Continuous Monitoring

CSA STAR Continuous Monitoring enables automation of the current security practices of cloud providers. Each level of STAR has a continuous monitoring option to offer increased transparency on a regular basis. It provides the opportunity to frequently (monthly) update a self-assessment and supports a third party based certification (e.g. STAR Certification) with additional, regularly updated information on the CSP security posture. Providers publish their security practices according to CSA specifications, which customers and tool vendors can then retrieve and present in a variety of contexts.

Increasing reliability of results, transparency and ease of use of the CSP’s assurance reports is a competitive advantage in today’s environment. However, in the near future this will be a barrier to entry for those who have not made the investment. If you’re a cloud service provider that will hold sensitive corporate data, must be compliant with GDPR, or provide business critical applications, having a comprehensive story around how the data and systems are protected and having that story validated by an independent audit, will reduce the apprehension customers have to move their business to you.

Learn more about how STAR can help your organization by downloading the Client Brochure. For more details on the specifications for implementing STAR Continuous download the STAR Technical Guidance.


Add your Service to the CSA STAR Registry

CSA STAR is open to all Cloud Providers

Eligibility for listing on the STAR Registry requires an official and authorized submission of one or more documents asserting compliance to CSA-published best practices. The registry is intended to allow potential cloud customers to review the security and privacy practices of providers, accelerating their due diligence and leading to higher quality procurement experiences.

Companies can be listed on the STAR Registry by submitting their STAR Self-Assessment or Code of Conduct for GDPR Compliance Self Assessment (Level 1) and/or their Third Party based certification (Level 2).

For more information about the CSA STAR Program please see: https://cloudsecurityalliance.org/star/#_overview.

For more information about the Code of Conduct for GDPR Compliance please see: https://gdpr.cloudsecurityalliance.org.

Ready to Submit?

For Cloud Service Providers

  • Proceed below to submit your CSA STAR Level 1 submission.
  • CSA STAR Level 2 Attestation requires completion of the STAR Attestation Template.

Cloud Service Providers proceed here

For Certification Bodies

Certification Bodies proceed here
