Cloud Customers

Ensure Privacy and Security from Providers

View the Registry
Cloud Customers

Improve the security and privacy program within your organization. STAR lets you gain insight into the controls in place to protect your data. Assess both your internal level of assurance, and the level of assurance offered by your cloud providers. Whether you moved to the cloud or are considering migrating in the near future, STAR can help you manage your security and privacy programs more effectively.

With STAR you can leverage:

  • The STAR registry as a trusted source of information on the security and privacy posture of CSPs. It enforces accountability and lets you build a coherent GRC program.
  • The STAR compliance program which lets you select the level of transparency and assurance you require from CSPs.
  • The STAR Foundation tools (CCM, CAIQ, GDPR CoC) to support your own GRC approach and ensure language alignment between you and your CSP.
  • If your provider is not listed on the STAR registry, please submit a request to have them verified using our ready-made editable template that you can revise and e-mail directly to your provider(s).

STAR offers different levels of transparency & assurance. After you've selected the appropriate level for your organization you can check their status in the STAR registry.

CSA STAR Levels and Scheme Requirements

Learn more about the requirements for the 3 levels of trust, transparency & privacy by downloading the guide to the CSA STAR Level and Scheme Requirements.


How to Get Started with STAR

Determine Level of Trust & Transparency Required

  • Low-Risk Organizations: Level 1 is a good place to start. If it is decided later that you require greater assurance from your provider you can request them to complete level 2.
  • Medium-Risk Organizations: Level 2 is good for organizations with a moderate amount of risk. You can request a self-assessment along with a 3rd-party certification to provide your management with both transparency and assurance.
  • High-Risk Organizations: Level 3 is designed for organizations operating in high-risk environments (examples: finance, healthcare, government, etc.). Continuous auditing offers organizations the highest level of both transparency and assurance to keep your organization safe on the cloud. span for guidance).

Learn more about STAR levels >

Browse Registered Cloud Providers in the CSA STAR Registry

The CSA STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.

View the CSA STAR registry >

Resources & STAR Foundation Tools

STAR Foundation Tools

STAR is based upon the following CSA frameworks and tools. Click the links below to download these tools and start using them to improve your security and privacy program:

Free Vendor Risk Management Tool

The CSA-OneTrust VRM tool lets you automate the entire vendor management lifecycle, including onboarding and offboarding vendors, triaging vendors, populating vendor information and monitoring the vendor risk lifecycle, all while maintaining records for accountability and compliance purposes. It comes pre-populated with the STAR foundation tools.


Provide Feedback

Click the link below to provide feedback for cloud service providers with inaccurate information listed on the STAR Registry.