Cloud Service Providers

Establish Trust through Transparency

View the Registry
Cloud Service Providers

The Security, Trust, Assurance and Risk (STAR) registry is a cost effective solution that decreases complexity while increasing trust and transparency. Demonstrate your adherence to security and privacy best practices to future and current customers by submitting to the registry.

Benefits for Cloud Service Providers

  • Accelerate sales cycle
  • Solidify position as a trusted provider of cloud services
  • Better build, establish and maintain a robust security program
  • Expand business by helping customers navigate secure cloud adoption
  • Be part of a global database that is becoming the marketplace for providers used by cloud users

Enhance Industry Standards

Demonstrate increased cloud computing maturity via additional certification. If your organization is already compliant with one of the following you can use STAR to add on to previous compliance initiatives to make them specific to the cloud:

  • ISO27001
  • SOC 2
  • GB/T 22080-2008n
Explain how STAR eliminates multiple vendor questionnaires.
Send letter of justification to your customers

Which Level of STAR is Right for Your Organization?

The level you should pursue depends on the level of responsibility you have in the shared responsibility model and the levels of assurance and transparency you need to provide.

Level 1

  • Operating in a low-risk environment
  • Want to offer increased transparency into the security controls in place
  • Looking for a cost-effective way to improve trust and transparency

Level 2

  • Operating in a medium-high risk environment
  • Already hold the following: ISO27001, SOC 2, or GB/T 22080-2008
  • Looking for a cost-effective way to increase assurance for cloud security and privacy

Level 3

  • Operating in a high risk environment
  • Want to offer a high-level of transparency
  • Your organization is full service CSP

Your requirements may change depending on your risk level, along with associated regulations, contracts and mandates. If you need additional help, please feel free to contact us.

How to Get Started

  1. Download the Cloud Control Matrix (CCM) and read it; understand the content and requirements.
  2. Discover information on our website, including the CSA Cloud Controls Matrix (CCM), Consensus Assessments Initiative Questionnaire (CAIQ) and Open Certification Framework.
  3. Utilize the self-assessment (CAIQ) tool to analyze where you are relative to the STAR requirements .
  4. Contact us to discuss next steps and how to best improve your business and obtain the benefits for CSA and the STAR Registry.
  5. Submit to the STAR Registry.