Getting started with CSA STAR Certification

Introduce CSA STAR Certification to your business and we will work with you to focus on cloud-specific concerns that address the key requirements demanded by your customers – helping you protect your reputation and setting you apart from the competition.

What is CSA STAR Certification?

CSA STAR Certification is a unique new scheme developed to address specific issues relating to cloud security as an enhancement to ISO/IEC 27001. Whilst the ISO/IEC 27001 standard is widely recognized and respected, its requirements are more generic, and therefore there can be a perception that it does not focus on certain areas of security that are critical to particular sectors such as the cloud computing sector. We can help with CSA STAR Certification.

To respond to growing business concerns, the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote best practice in cloud computing, created the Cloud Control Matrix (CCM). Developed in conjunction with an industry working group, it specifies common controls which are relevant for cloud security.

In partnership with CSA, BSI has developed CSA STAR Certification based on the matrix, which certifies a client against the controls. It awards a Gold, Silver or Bronze rating depending on how well the system has been embedded within the organization.

This new scheme will assist in the adoption of cloud services by business. It will promote greater transparency and allow Cloud Service Providers (CSPs) to give their stakeholders confidence that they have the necessary controls in place to secure the data they hold.

What are the benefits of CSA STAR Certification?

CSA STAR Certification brings big benefits to companies of all sizes. Confidence, reputation and more business can come with CSA STAR Certification as more customers ask for proof of these measures. Plus it can help you as a cloud service provider: 

  • Provide top management with visibility, so that they can evaluate the effectiveness of their management system in relation to expectations of the cloud security industry and ISO/IEC 27001
  • Implement an audit that is designed to reflect how your organization’s objectives are aimed at optimizing the cloud services
  • Demonstrate progress and performance levels via an independently validated award from an external certified body
  • Benchmark your performance against your peers

Additionally, for customers of cloud service providers, CSA STAR Certification will provide a greater understanding of the level of controls that are in place.

Who is CSA STAR Certification for?

The scheme is available to any organization offering cloud services that has, or is in the process of certifying to, ISO/IEC 27001. The scope of the ISO/IEC 27001 certification must not be less than the scope of the CSA STAR Certification.

Whilst there are no regulatory drivers for companies to seek certification, CSPs are now seeking more robust certification arrangements. As their clients put a high level of trust in them, a CSP will need to demonstrate greater assurance that this trust is not misplaced. For IT suppliers, this is particularly important as their customers will often not be experts in IT security and therefore will look for independent third-party certification as an indication of the organization’s competency to deliver cloud services.

CSA STAR Certification will provide reassurance as it requires the organization to address the specific issues that are critical to cloud security, and the maturity model assesses how well managed the activities in the control areas are.

What is cloud computing?

Cloud computing provides a way to use and/or store software and data resources on demand via an online network – known as cloud services. Service providers manage the infrastructure and platforms that operate these resources, which are stored remotely and can be accessed by any number of users from their desktop. This can help achieve economies of scale and cut the cost of investing in a company-specific IT infrastructure. Cloud computing also allows you to access the software, data and applications that you need on demand from any location – giving you and your staff greater flexibility in the way that you work.