STAR Attestation
About CSA STAR Attestation
The STAR Attestation is positioned as STAR Certification at Level 2 of the Open Certification Framework and STAR Certification is a rigorous third party independent assessment of the security of a cloud service provider.
Star Attestation is based on type 1 or type 2 SOC attestations supplemented by the criteria in the Cloud Controls Matrix (CCM). This assessment:
- Is based on a mature attest standard
- Allows for immediate adoption of the CCM as additional criteria and the flexibility to update the criteria as technology and market requirements change
- Does not require the use of any criteria that were not designed for, or readily accepted by cloud providers
- Provides for robust reporting on the service provider’s description of its system and on the service provider’s controls, including a description of the service auditor’s tests of controls in a format very similar to the now obsolete SAS 70 reporting format and current SSAE 16 (SOC 1) reporting, thereby facilitating market acceptance
STAR Attestation builds on the key strengths of SOC 2 (AT 101):
- Is a mature attest standard (it serves as the standard for SOC 2 and SOC 3 reporting ) .
- Provides for robust reporting on the service provider’s description of its system and on the service provider’s controls, including a description of the service auditor’s tests of controls in a format very similar to the now obsolete SAS 70 reporting format and current SSAE 18 (SOC 1) reporting, thereby facilitating market acceptance
- Evaluation over a period of time rather than a point in time
- Recognition with an AICPA Logo
Requesting Registration
If you have completed your STAR Attestation engagement with your CPA firm, please contact [email protected] to request registration of your attestation report.
Attestation pricing information
- The STAR Attestation registration price is based on the ‘effective number of employees’ in the scope of registration. This maintains consistency with CSA STAR Certification.
- Registered companies receive a listing in the CSA STAR (Security, Trust and Assurance Registry)
- Registered companies are granted CSA STAR and CSA STAR Attestation logo usage rights for their own website and collateral
Registration Pricing
| Effective Employees | CSA Attestation Fee $USD |
|---|---|
| 1 to 10 | $650 |
| 11 to 25 | $1,300 |
| 26 to 76 | $2,300 |
| 76 to 250 | $4,050 |
| 251 to 700 | $6,650 |
| 701 to 1500 | $9,350 |
| 1500 + | $13,300 |
- CSA will apply price reduction based upon the World Bank classification.
- CSA will apply a 20% price reduction for CSA Corporate Members.
- The World Bank scale and CSA Members discount cannot be cumulative.
CSA Corporate Members Providing CPA Attestation Services
The following CSA corporate members have licensed CPAs and employee individuals that have achieved the Certificate of Cloud Security Knowledge (CCSK).
Auditor Requirements
The STAR Attestation engagements must be licensed CPAs. CPAs are governed by the rigorous requirements of the AICPA in addition to licensing requirements of their state of practice.
The CSA’s Certificate in Cloud Security Knowledge (CCSK), the industry’s only cloud security certificate is a very important component of the STAR Attestation Auditor education.
Effective March 15, 2015, the CCSK will be a mandatory requirement for STAR Attestation Auditor.
For more information, please refer to “Guidelines for CPAs Providing CSA STAR Attestation v2”
Key Links & Resources
CSA STAR Attestation Intake Form
Description: The STAR Attestation is positioned as STAR Certification at Level 2 of the Open Certification Framework and STAR Certification is a rigorous third party independent assessment of the security of a cloud service provider.
Release Date: June 07, 2018
CSA STAR Attestation Type 1 Marketing Guidelines 2017
Release Date: May 09, 2017
Guidelines for CPAs Providing CSA STAR Attestation v2
Release Date: March 20, 2017
Guidelines for CPAs Providing CSA STAR Attestation
Release Date: May 18, 2014