CSA STAR Certification

The CSA STAR (Security, Trust & Assurance Registry) certification is a rigorous third-party independent assessment of the security of a cloud service provider.

The Cloud Security Alliance (CSA) is a nonprofit organization.

It defines best practices in the establishment, maintenance and use of cloud services.

Description of the standard/regulation

What is CSA STAR certification?

This technology-neutral certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix.

The assessments are based on the following components:

  • Cloud Controls Matrix (CCM): It is composed of 197 control objectives that are structured in 17 domains covering all key aspects of cloud technology to help cloud customers assess the overall security risk of a CSP.
  • Consensus Assessments Initiative Questionnaire (CAIQ): a set of more than 300 questions based on the CCM that a customer or cloud auditor may want to ask of CSPs to assess their compliance with CSA best practices.

The registry can be accessed at https://cloudsecurityalliance.org/star/registry/


What are the CSA STAR levels?

Level 1 is a self-assessment. Level 2 STAR certification can be achieved through a third-party audit. Level 2 of STAR allows organizations to build on other industry certifications and standards to make them specific to the cloud. Organizations looking for a third-party audit can choose from one or more of the security and privacy audits and certifications.

An organization’s location, along with the regulations and standards it is subject to, will be the greatest factor in determining which ones are appropriate to pursue.

Organizations should pursue this level if they:

  1. Are operating in a medium to high risk environment,
  2. Already hold or adhere to the following: ISO27001, SOC 2, GB/T 22080-2008, or GDPR, and
  3. Are looking for a cost-effective way to increase assurance for cloud security and privacy as well as gain a competitive advantage in the market.

How does CSA STAR certification work?

Neelov Kar, Lead Auditor, presents the details of CSA certification in an interactive format. Neelov has extensive experience in auditing information security worldwide and a strong understanding of Cloud Security. Neelov was interviewed by Sandeep Pauddar, DQS Inc. IT Sector Manager, about CSA STAR certification and how to chart a road map for certification.

View the webinar

Audit time is planned at a minimum of an additional 50% on top of the total audit time calculated for the underlying ISO 27001 initial audit, and is adjusted for surveillance audits as appropriate. The assessments can be combined.


What does CSA STAR certification cost?

The cost of the certification is dependent on different factors, just like ISO 27001 certification is. We would be happy to provide you with a customized quote.


Why DQS?

More than 35 years of experience in the certification of management systems
Industry-experienced auditors and experts with strong technical knowledge
Value-adding insights into your company
Certificates with international acceptance

Expertise and accreditations for all relevant standards
Personal, smooth support from our specialists - regionally, nationally and internationally
Individual offers with flexible contract terms and no hidden costs


Request for quote

Your local contact

We would be happy to provide you with a customized CSA STAR quote.