- Author: Joacim Vestvik-Lunde
- Keywords: Business Assurance, Other sectors
The CSA STAR Certification is a rigorous, independent third-party assessment of the security of a cloud service provider. It is based upon achieving ISO/IEC 27001 and the specified set of criteria outlined in the Cloud Controls Matrix, and it measures the capability levels of the cloud service.
While the ISO/IEC 27001 Management System for Information Security is a widely recognized and adopted standard, it does not include specific requirements for the Cloud. The CSA STAR technology-neutral certification leverages the requirements of the ISO/IEC 27001 management system standard together with the CSA Cloud Controls Matrix.

Taking certification to the next level
“The CSA STAR Certification focuses on performance, long-term sustainability and risk, and goes hand in hand with our Risk Based Certification approach to management systems certification. Taking certification to the next level, it allows you to demonstrate compliance to the chosen standard while building sustainable business performance over time,” says Zeno Beltrami, Assessment Manager in DNV GL - Business Assurance, Region Southern Europe.
He emphasizes that organizations are no longer only measured by what happens within their walls or on the bottom line. “Your stakeholders expect that you manage the full impact of your operations – social, economic and environmental – and information security is an important part of this picture.”
The independent assessment by an accredited CSA certification body will assign a ‘Management Capability’ score to each of the Cloud Controls Matrix's security domains. Each domain will be scored on a specific maturity and will be measured against five management principles. The internal report will show organizations how mature their processes are and what areas they need to consider improving on to reach an optimum level of maturity. Certified organizations will be listed in the CSA STAR Registry as “STAR Certified”.

About CSA
The Cloud Security Alliance (CSA) is a not-for-profit organization led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. CSA’s mission is to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.