Cloud Security Alliance Attestation Services and Consulting
The Cloud Security Alliance (CSA) is a nonprofit organization that is dedicated to defining best practices to help ensure a more secure cloud computing environment. In 2013, the CSA and the British Standards Institution launched the Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry in which CSPs can publish their CSA-related assessments. CSA STAR is based on two key components of the CSA GRC Stack: Cloud Controls Matrix (CCM): a controls framework covering fundamental security principles across 16 domains to help cloud customers assess the overall security risk of a CSP. The Consensus Assessments Initiative Questionnaire (CAIQ): a set of more than 140 questions based on the CCM that a customer or cloud auditor may want to ask of CSPs to assess their compliance with CSA best practices.
Our Cloud Security Alliance (CSA) Services
Riskpro provides support in both types of STAR certification and attestation.
CSA Star Certification
The CSA STAR Certification is a third party assessment of the security of a cloud service provider (CSP) that leverages the requirements of the ISO/IEC 27001:2013 (ISO 27001) management system standard together with the CSA Cloud Controls Matrix (CCM).
CSA Star Attestation
The CSA STAR Attestation is a third party independent assessment of the security of a CSP. CSA STAR Attestation is a collaboration between the CSA and the American Institute of CPAs (AICPA) to provide guidance for CPA firms (or service auditors) to conduct STAR Attestations using criteria from the AICPA Trust Services Principles (TSP) and the Cloud Control Matrix (CCM). This assessment utilizes the SOC 2 framework to report on the suitability of the design and operating effectiveness of a CSP’s controls relevant to Security, Availability, Confidentiality, and the effectiveness of these controls. CSA audits can be combined with SOC2 frameworks to issue SOC2+ audit reports. Riskpro has conducted more than 30 SOC 2 and SSAE audits.
For more information, please contact firstname.lastname@example.org