CSA STAR

Improve your cloud security posture through CSA STAR’s integrated certification program

Security Assurance for the Cloud

The Cloud Security Alliance’s Security, Trust, Assurance, and Risk (CSA STAR) is one of the most powerful certification programs for cloud service providers (CSPs). As an accredited certification body, BARR Advisory can perform rigorous yet efficient independent security assessments to help CSPs demonstrate their commitment to security and privacy best practices.

 

How CSA STAR Works

CSA STAR is based on several foundational tools, including the:

Once certified, your organization can register to be a part of the STAR Registry, a global database of organizations that demonstrate security and privacy best practices. Certification toward CSA STAR contains two levels, a self-assessment, third-party auditing, and continuous management. Read more for details on each of these levels.

Level 1 is the first step toward CSA STAR certification and is open to all organizations. The self-assessment phase is a good fit for organizations that want to boost trust by demonstrating the transparency of the security controls in place.

During the self-assessment phase, CSPs complete a CAIQ to document compliance with the CCM. STAR Self-Assessments are updated annually. Additionally, the GDPR Code of Conduct Self-Assessment covers compliance with GDPR. After publishing all necessary documents to the STAR Registry, CSPs will receive a Compliance Mark that’s valid for one year.

Level 2 includes an attestation and certification phase through a rigorous assessment process. Organizations that have already completed assessments through frameworks like SOC 2 and ISO/IEC 27001 can benefit from this phase, increasing security assurance and privacy in their cloud environments.

Attestation: The CSA STAR Attestation is a combination of CSA and AICPA Trust Service Criteria that are used for SOC 2 engagements. STAR Attestations last one year with a minimum period of six months.

Certification: Certification under the CSA STAR program is an assessment of the security of a CSP. The certification process leverages requirements of ISO/IEC 27001 with the CSA Cloud Controls Matrix. STAR certifications last three years, and once complete, CSPs can register as “STAR Certified” under the STAR Registry.

Why BARR for CSA STAR

Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
Serving the most regulated industries including technology, financial services, healthcare and government
Clients range from high-growth startups to Fortune 1000 companies
40% of BARR’s audit reports are delivered early
Competitive, fixed rates to accommodate growing enterprises
We put you and your business first, providing unparalleled communication and accessibility at all times

Frequently Asked Questions

There are multiple benefits to achieving a CSA STAR certification or a CSA STAR attestation. In addition to providing assurance to your customers and stakeholders, CSA STAR can help your organization achieve compliance with other powerful compliance frameworks and can differentiate your organization as one that takes cloud security seriously.

Achieving a CSA STAR certification or a CSA STAR attestation is a great choice for any cloud service provider looking to provide an extra level of assurance to their customers and stakeholders.

When CSA STAR is added to an ISO engagement, the result is a CSA STAR certification. When CSA STAR is added to a SOC 2 engagement, the result is a CSA STAR attestation. Speak to one of BARR’s CSA STAR auditors today to learn more about the right path for your organization.

Contact Us for a Free Consultation

We’re here to help you!
Speak with a BARR specialist about your security and compliance needs.
