The Cloud Security Alliance (CSA), according to it, is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing, and providing education on the uses of Cloud Computing to help secure all other forms of computing.
The Security, Trust, Assurance, and Risk (STAR) Registry by CSA is a publicly accessible registry that documents the security and privacy controls provided by the cloud computing service providers.
STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questionnaire (CAIQ).
CSA STAR Certification: for ISO 27001:2013
The CSA STAR Certification is a third-party independent assessment of the security of a cloud service provider, by a CSA approved assessment firm, such as DQS.
On the basis of ISO 27001 information security management system requirements, CSA STAR covers requirements specific to cloud computing to help organizations continually improve their cloud security.
This certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix. A CSA STAR Certification certificate follows normal ISO/IEC 27001 protocol with normally a 3-year validity.
Benefits of STAR Certification
- The certification allows organizations to show customers their security and compliance posture.
- It will reduce the need to address multiple customer assessments.
- The certification is a competitive advantage.
Supports by DQS
DQS is a certification body accredited by ANAB for ISO 27001 information security management system certification service, and an assessment firm approved by CSA for STAR Certification on the basis of ISO 27001.
DQS can provide training, gap assessment, audit and certification service against CSA STAR.