Improve the security and privacy program within your organization. STAR lets you gain insight into the controls in place to protect your data. Assess both your internal level of assurance, and the level of assurance offered by your cloud providers. Whether you moved to the cloud or are considering migrating in the near future, STAR can help you manage your security and privacy programs more effectively.
With STAR you can leverage:
- The STAR registry as a trusted source of information on the security and privacy posture of CSPs. It enforces accountability and lets you build a coherent GRC program.
- The STAR compliance program which lets you select the level of transparency and assurance you require from CSPs.
- The STAR Foundation tools (CCM, CAIQ, GDPR CoC) to support your own GRC approach and ensure language alignment between you and your CSP.
- If your provider is not listed on the STAR registry, please submit a request to have them verified using our ready-made editable template that you can revise and e-mail directly to your provider(s).
STAR offers different levels of transparency & assurance. After you've selected the appropriate level for your organization, you can check your providers' status in the STAR registry.
How to Get Started with STAR
Determine Level of Trust & Transparency Required
- Low-Risk Organizations: Level 1 is a good place to start. If you decide later that you require greater assurance from your provider, you can ask them to complete Level 2.
- Medium-Risk Organizations: Level 2 is good for organizations with a moderate amount of risk. You can request a self-assessment along with a 3rd-party certification to provide your management with both transparency and assurance.
- High-Risk Organizations: Level 3 is designed for organizations operating in high-risk environments (examples: finance, healthcare, government, etc.). Continuous auditing offers organizations the highest level of both transparency and assurance to keep your organization safe on the cloud.
Browse Registered Cloud Providers in the CSA STAR Registry
The CSA STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
Resources & STAR Foundation Tools
STAR Foundation Tools
STAR is based upon the following CSA frameworks and tools. Click the links below to download these tools and start using them to improve your security and privacy program:
Free Vendor Risk Management Tool
The CSA-OneTrust VRM tool lets you automate the entire vendor management lifecycle, including onboarding and offboarding vendors, triaging vendors, populating vendor information and monitoring the vendor risk lifecycle, all while maintaining records for accountability and compliance purposes. It comes pre-populated with the STAR foundation tools.
Click the link below to provide feedback for cloud service providers with inaccurate information listed on the STAR Registry.