The scheme is available to any organization offering cloud services that holds, or is in the process of obtaining, ISO/IEC 27001 certification. The scope of the ISO/IEC 27001 certification must not be less than the scope of the CSA STAR Certification.
Whilst there are no regulatory drivers for companies to seek certification, CSPs are now seeking more robust certification arrangements. As their clients put a high level of trust in them, a CSP will need to demonstrate greater assurance that this trust is not misplaced. For IT suppliers, this is particularly important as their customers will often not be experts in IT security and therefore will look for independent third-party certification as an indication of the organization’s competency to deliver cloud services.
CSA STAR Certification will provide reassurance as it requires the organization to address the specific issues that are critical to cloud security, and the maturity model assesses how well the activities in the control areas are managed.