CSA STAR Certification
The Cloud Security Alliance (CSA) is a nonprofit organization.
It defines best practices in the establishment, maintenance and use of cloud services.
What is CSA STAR certification?
The assessments are based on the following components:
- Cloud Controls Matrix (CCM): It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology to help cloud customers assess the overall security risk of a CSP.
- Consensus Assessments Initiative Questionnaire (CAIQ): a set of more than 300 questions based on the CCM that a customer or cloud auditor may want to ask of CSPs to assess their compliance with CSA best practices.
The registry can accessed at https://cloudsecurityalliance.org/star/registry/
What are the CSA STAR levels?
An organization’s location, along with the regulations and standards it is subject to, will have the greatest factor in determining which ones are appropriate to pursue.
Organizations should pursue this level if they are
- Operating in a medium to high risk environment,
- Already hold or adhere to the following: ISO27001, SOC 2, GB/T 22080-2008, or GDPR, and
- Looking for a cost-effective way to increase assurance for cloud security and privacy as well as gain a competitive advantage in the market.
How does CSA STAR certification work?
Neelov Kar, Lead Auditor, presents the details of CSA certification in an interactive format. Neelov has extensive experience in auditing information security worldwide and a strong understanding of Cloud Security. Neelov was interviewed by Sandeep Pauddar, DQS Inc. IT Sector Manager, about CSA STAR certification and how to chart a road map for certification.
The audit is planned as at least an additional 50% of the total audit time compared to the underlying calculation for ISO 27001 initial audit and adjusted for the surveillance as appropriate. The assessments can be combined.
What does CSA STAR certification cost?
Expertise and accreditations for all relevant standards
Personal, smooth support from our specialists - regionally, nationally and internationally
Individual offers with flexible contract terms and no hidden costs