Getting started with CSA STAR Certification

Introduce CSA STAR Certification to your business and we will work with you to focus on cloud-specific concerns that address the key requirements demanded by your customers – helping you protect your reputation and setting you apart from the competition.


What is CSA STAR Certification?

CSA STAR Certification is a unique scheme developed to address specific issues relating to cloud security as an enhancement to ISO/IEC 27001. Whilst the ISO/IEC 27001 standard is widely recognized and respected, its requirements are more generic, and there can therefore be a perception that it does not focus on certain areas of security that are critical to particular sectors such as the cloud computing sector. We can help with CSA STAR Certification.

To respond to growing business concerns, the Cloud Security Alliance (CSA), a not-for-profit organization with a mission to promote best practice in cloud computing, created the Cloud Controls Matrix (CCM). Developed in conjunction with an industry working group, it specifies common controls which are relevant for cloud security.

In partnership with CSA, BSI has developed CSA STAR Certification based on the matrix, which certifies a client against the controls. 

This scheme assists in the adoption of cloud services by business. It will promote greater transparency and allow Cloud Service Providers (CSPs) to give their stakeholders confidence that they have the necessary controls in place to secure the data they hold.


What are the benefits of CSA STAR Certification?

CSA STAR Certification brings big benefits to companies of all sizes. Confidence, reputation and more business can come with CSA STAR Certification as more customers ask for proof of these measures. CSA STAR Certification helps:

  • Provide top management with full visibility to evaluate the effectiveness of their management system in relation to expectations of the cloud security industry and ISO/IEC 27001   
  • A tailored audit to be implemented, which will reflect how an organization’s objectives are aimed at optimizing the cloud services
  • An organization to demonstrate progress and performance levels via an independently validated award from an external certified body   
  • Organizations to benchmark their performance against their peers

Additionally, for customers of cloud service providers, CSA STAR Certification will provide a greater understanding of the level of controls that are in place.


Who is CSA STAR Certification for?

The scheme is available to any organization offering cloud services that is certified, or is in the process of certifying, to ISO/IEC 27001. The scope of the ISO/IEC 27001 certification must not be less than the scope of the CSA STAR Certification.


Whilst there are no regulatory drivers for companies to seek certification, CSPs are now seeking more robust certification arrangements. As their clients put a high level of trust in them, a CSP will need to demonstrate greater assurance that this trust is not misplaced. For IT suppliers, this is particularly important as their customers will often not be experts in IT security and therefore will look for independent third-party certification as an indication of the organization’s competency to deliver cloud services.


CSA STAR Certification will provide reassurance as it requires the organization to address the specific issues that are critical to cloud security, and the maturity model assesses how well managed the activities in the control areas are.


What is cloud computing?

Cloud computing provides a way to use and/or store software and data resources on demand via an online network – known as cloud services. Service providers manage the infrastructure and platforms that operate these resources, which are stored remotely and can be accessed by any number of users from their desktop. This can help achieve economies of scale and cut the cost of investing in a company-specific IT infrastructure. Cloud computing also allows you to access the software, data and applications that you need on demand from any location – giving you and your staff greater flexibility in the way that you work.