Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

STAR Registry Listing for

Candex

Founded in 2013 by the Cloud Security Alliance, the Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.

Candex

Candex is a platform that simplifies the process of engaging, tracking, and paying for business services. The company provides its service via a streamlined, industry standard, secured integration from your procurement system. The integration allows for buyers in your organization to seamlessly submit purchase orders to different vendors via Candex as a technology-based master vendor.

Candex is committed to protecting your data privacy and securing your information. We
collect limited personal data (and no sensitive personal information), only as needed to
provide our master vendor services, and comply with all applicable data privacy laws,
including the European General Data Protection Regulation (GDPR). Our information
security program is designed to ensure the security of all data processed by the entirety
of the Candex Platform and its components, across the organization’s systems,
subcontractors, and the Candex staff. We maintain an organization-wide information
security program that consists of our ISO27001 information security policies and
procedures, as well as other industry standard security programs and methods such as
the AWS Well Architected program, CIS , and OWASP.

Information about Candex
Listed Since: 11/28/2023
Last Updated: 11/28/2023

STAR Level 1

Self-Assessment & Partner-Provided

Consensus Assessments Initiative Questionnaire v4.0.2

CAIQ 4.0.2 Self-assessment
Offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the CSA Cloud Controls Matrix (CCM).
(Deprecated)
Deprecated assessments do not necessarily indicate non-compliance. In this case, the self-assessment has not been updated in more than one year. We suggest contacting this organization directly to request that they submit an updated self-assessment.