STAR Attestation Arrow to Content

About CSA STAR Attestation

The STAR Attestation is positioned as STAR Certification at Level 2 of the Open Certification Framework and STAR Certification is a rigorous third party independent assessment of the security of a cloud service provider.

Star Attestation is based on type 2 SOC attestations supplemented by the criteria in the Cloud Controls Matrix (CCM). This assessment:

  • Is based on a mature attest standard
  • Allows for immediate adoption of the CCM as additional criteria and the flexibility to update the criteria as technology and market requirements change
  • Does not require the use of any criteria that were not designed for, or readily accepted by cloud providers
  • Provides for robust reporting on the service provider’s description of its system and on the service provider’s controls, including a description of the service auditor’s tests of controls in a format very similar to the now obsolete SAS 70 reporting format and current SSAE 16 (SOC 1) reporting, thereby facilitating market acceptance

STAR Attestation builds on the key strengths of SOC 2 (AT 101):

  • Is a mature attest standard (it serves as the standard for SOC 2 and SOC 3 reporting ) .
  • Provides for robust reporting on the service provider’s description of its system and on the service provider’s controls, including a description of the service auditor’s tests of controls in a format very similar to the now obsolete SAS 70 reporting format and current SSAE 16 (SOC 1) reporting, thereby facilitating market acceptance
  • Evaluation over a period of time rather than a point in time
  • Recognition with an AICPA Logo

Requesting Registration

If you have completed your STAR Attestation engagement with your CPA firm, please contact [email protected] to request registration of your attestation report.

Attestation pricing information

  1. The STAR Attestation registration price is based on the ‘effective number of employees’ in the scope of registration. This maintains consistency with CSA STAR Certification.
  2. Registered companies receive a listing in the CSA STAR (Security, Trust and Assurance Registry)
  3. Registered companies are granted CSA STAR and CSA STAR Attestation logo usage rights for their own website and collateral

Registration Pricing

Effective EmployeesCSA Attestation Fee $USD
1 to 10$650
11 to 25$1,300
26 to 76$2,300
76 to 250$4,050
251 to 700$6,650
701 to 1500$9,350
1500 +$13,300
  1. CSA will apply price reduction based upon the World Bank classification.
  2. CSA will apply a 20% price reduction for CSA Corporate Members.
  3. The World Bank scale and CSA Members discount cannot be cumulative.

CSA Corporate Members Providing CPA Attestation Services

The following CSA corporate members have licensed CPAs and employee individuals that have achieved the Certificate of Cloud Security Knowledge (CCSK).

Auditor Requirements

The STAR Attestation engagements must be licensed CPAs. CPAs are governed by the rigorous requirements of the AICPA in addition to licensing requirements of their state of practice.

The CSA’s Certificate in Cloud Security Knowledge (CCSK), the industry’s only cloud security certificate is a very important component of the STAR Attestation Auditor education.

Effective March 15, 2015, the CCSK will be a mandatory requirement for STAR Attestation Auditor.

During the period June 15 2014 – March 14 2015 the CCSK is highly recommended for STAR Attestation Auditors. It should be noted that all STAR Attestation entries, issued in the period June 15 2014 – March 14 2015 will note whether or not the auditor has achieved this designation.

For more information, please refer to “Guidelines for CPAs Providing CSA STAR Attestation

Key Links & Resources

Guidelines for CPAs Providing CSA STAR Attestation

Guidelines for CPAs Providing CSA STAR Attestation

This document provides guidance for CPAs in conducting a STAR Attestation.

Release Date: May 15, 2014

Page Dividing Line
This website uses cookies to improve functionality and performance. If you continue browsing the site, you are giving implied consent to the use of cookies on this website. See our Cookie Policy for details.