STAR Attestation Arrow to Content

About CSA STAR Attestation

The STAR Attestation is positioned as STAR Certification at Level 2 of the Open Certification Framework and STAR Certification is a rigorous third party independent assessment of the security of a cloud service provider.

Star Attestation is based on type 2 SOC attestations supplemented by the criteria in the Cloud Controls Matrix (CCM). This assessment:

  • Is based on a mature attest standard
  • Allows for immediate adoption of the CCM as additional criteria and the flexibility to update the criteria as technology and market requirements change
  • Does not require the use of any criteria that were not designed for, or readily accepted by cloud providers
  • Provides for robust reporting on the service provider’s description of its system and on the service provider’s controls, including a description of the service auditor’s tests of controls in a format very similar to the now obsolete SAS 70 reporting format and current SSAE 16 (SOC 1) reporting, thereby facilitating market acceptance

STAR Attestation builds on the key strengths of SOC 2 (AT 101):

  • Is a mature attest standard (it serves as the standard for SOC 2 and SOC 3 reporting ) .
  • Provides for robust reporting on the service provider’s description of its system and on the service provider’s controls, including a description of the service auditor’s tests of controls in a format very similar to the now obsolete SAS 70 reporting format and current SSAE 16 (SOC 1) reporting, thereby facilitating market acceptance
  • Evaluation over a period of time rather than a point in time
  • Recognition with an AICPA Logo

The STAR Attestation program is currently in piloting phase and will be available at end of 2013.

Page Dividing Line