What is STAR Certification?
The Cloud Security Alliance and BSI have partnered to develop a Certification Scheme dedicated to the security of Cloud Services.
STAR Certification has been designed as an enhancement to ISO 27001 and a response to growing business concerns over the security of Cloud Services.
CSA and the Cloud Control Matrix
The Cloud Security Alliance, a not-for-profit organisation, created the Cloud Control Matrix (CCM), a framework of controls that addresses the unique security requirements expected of Cloud Service Providers.
The controls fall into 11 main areas:
- Compliance (CO)
- Data Governance (DG)
- Facility Security (FS)
- Human Resources (HR)
- Information Security (IS)
- Legal (LG)
- Operations Management (OP)
- Risk Management (RI)
- Release Management (RM)
- Resiliency (RS)
- Security Architecture (SA)
BSI and STAR Certification
The Certification Body BSI have worked together with the CSA to develop the STAR Scheme, which assesses each of the 11 Control Areas from the CCM against 5 Capability Factors:
1. Communication & Stakeholder Engagement.
2. Policies, Plans & Procedures (A systematic approach).
3. Skills & Experience.
4. Ownership, Leadership & Management.
5. Monitoring & Measuring.
Each capability factor has clear performance scoring criteria to enable progress through maturity, and the scores from each area above contribute to an overall Gold, Silver or Bronze rating.
Protection and Promotion
STAR Certification, combined with ISO 27001 Certification, provides a robust framework for managing the risks associated with Cloud Services.
It provides an independent review of your arrangements and gives added assurance to customers, some of whom may be placing business-critical applications in your cloud.
Achieving Certification may also provide a competitive edge when tendering or accessing procurement frameworks.
Contact us to start the journey to STAR Certification.