Auditors and Consultants

Grow your Business in Cloud-specific Security


With STAR you can grow your business as a leader in cloud-specific security and privacy assurance services. As a CSA STAR Auditor, you can build on existing auditing standards (SOC2, ISO/IEC 27001, GDPR) with a cloud-specific overlay. As a CSA Global Consultant, you can help users and providers implement effective governance and compliance programs for the cloud.

Learn more about partnering with CSA


STAR Benefits For Auditors

  • Build on existing certification and attestation standards (SOC2, ISO/IEC 27001) with a cloud-specific overlay based on CSA best practices.
  • Remain current on cloud best practices, regulations and standards.
  • Build the future of compliance based on the continuous auditing approach.

STAR Benefits For Consultants

  • Expand business by helping customers successfully navigate secure and privacy-compliant cloud adoption.
  • Extend offerings to include best practices that support trusted cloud environments.
  • Collaborate with clients as they explore new business models to grow their business.
  • Become a global consultant


Offer cloud providers a higher level of assurance through an independent third-party assessment.

STAR Certification

A technology-neutral certification leveraging the requirements of the ISO/IEC 27001 management system standard together with the CSA Cloud Controls Matrix.

Find out how BSI leveraged STAR Certification

STAR Attestation

Based on type 1 or type 2 SOC attestations supplemented by the criteria in the Cloud Controls Matrix (CCM).

Find out how Schellman & Co leveraged STAR Attestation

C-STAR Assessment

An independent third-party assessment of the security of a cloud service provider for the Greater China market that harmonizes CSA best practices with Chinese national standards.

GDPR Code of Conduct Certification

The GDPR CoC Certification is a third-party certification assuring compliance of a CSP’s services with GDPR.

Learn more about the different levels of STAR

Leveraging STAR for Privacy & Security

Guide your customers in adopting the STAR Program for both privacy and security. STAR offers a complete program that covers both operational security (CCM/CAIQ) and privacy legal compliance (GDPR CoC).

  • Help your customer implement a governance, risk & compliance program based on the CSA security and privacy best practices in the CCM, CAIQ, and GDPR CoC.
  • Use the STAR registry to help your customers improve their vendor management/procurement process.
  • Offer your customers access to the free CSA-OneTrust Vendor Risk Management tool.



Become a Security Assessment Firm

Are you interested in partnering with CSA to offer third-party certifications or attestations? Read the following documents to get started:

Then contact us to learn more about becoming a STAR-approved auditor or certification body.

Become a GDPR Assessment Firm

Ensure your organization understands the principles of the CSA GDPR CoC and the roles individuals in your organization will need to play. Then contact us to discuss the next steps in becoming a CSA GDPR assessment firm.