Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) Attestation and Certification
Cloud computing has seen tremendous adoption over the past few years. With this proliferation of cloud usage, it is only natural for organizations to grow more concerned about the security and compliance of their current cloud usage or intended move to the cloud.
CSA STAR (Security, Trust and Assurance Registry) is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. STAR Level 2 certification and attestation provide multiple benefits, including indications of best practices and validation of security posture in cloud offerings.
ControlCase CSA STAR Level 2 Attestation Solution
Our solution for CSA Level 2 attestation examines the client’s description of its Infrastructure as a Service system, and the suitability of the design and operating effectiveness of controls to meet the criteria for the security, availability, processing integrity and confidentiality principle(s) set forth in the:
- Trust Services Principles (TSP 100)
- Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable trust services criteria) (AICPA, Technical Practice Aids)
- Criteria set forth in the CSA Cloud Controls Matrix (CCM) control specifications (CCM criteria)
ControlCase CSA STAR Level 2 Certification Solution
The CSA STAR Certification is a rigorous, independent third-party assessment of the security of a cloud service provider. Our solution for CSA Level 2 certification leverages our ISO/IEC 27001 certification process together with the CSA Cloud Controls Matrix, a specified set of criteria that measures the capability levels of the cloud service.
To be consistent with international standards, the STAR certification scheme is designed to comply with:
- ISO/IEC 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems
- ISO/IEC 27006:2011, Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems
- ISO 19011, Guidelines for auditing management systems
Who needs CSA Attestation/Certification?
Any entity that provides cloud computing services, from “infrastructure as a service” to “software as a service”, is a candidate for either the attestation or the certification process.
STAR certification evaluates the efficiency of an organization’s ISMS and ensures that the scope, processes and objectives are “Fit for Purpose”. It also helps organizations prioritize areas for improvement and leads them towards business excellence. By working with ControlCase, clients benefit from:
- ControlCase’s extensive experience managing security and compliance programs globally.
- A simplified solution for security and compliance in the cloud.
- A technology-enabled GRC platform for evidence collection.
- A tailored partnership approach.
- A unique Customer Success team to help manage milestones.