As with all management system standards, ISO/IEC 27001 has been written in such a way that it can be applied to any organization, large or small, across all industries. As a result, it is felt that there are special requirements specific to cloud computing that are either not covered or need to be covered more precisely.
Developed by the Cloud Security Alliance (CSA), the Cloud Controls Matrix (CCM) bridges this gap by providing an additional set of controls for cloud service providers.
A joint agreement was signed by the CSA and BSI in August 2012 to develop a third-party certification scheme for cloud security called STAR certification. The scheme incorporates the requirements of ISO 27001 and a maturity rating that indicates how well an organization is complying with the additional cloud-specific requirements and that also drives optimization efforts by assessing the organization's capabilities and complexities.
This new scheme will assist in the adoption of cloud services by businesses by promoting greater transparency and allowing cloud service providers (CSPs) to give their stakeholders confidence that they have the necessary controls in place to secure the data they hold.