CSA STAR Assessments
The Cloud Security Alliance (CSA) STAR Program has been developed as an assurance framework for cloud service providers (CSPs) and cloud service customers to assess the security of cloud-based services and solutions.
LBMC is an approved Certified STAR auditor, accredited by the CSA to perform STAR Level 2 third-party audits to attest or certify CSPs against the STAR framework. LBMC is also equipped to assist organizations with preparing for a STAR Level 1 self-assessment, or with assessing their cloud service providers against the CSA’s Cloud Controls Matrix.
What is CSA STAR?
The CSA STAR Program is the most popular cloud security provider certification program, integrating a three-tiered provider assurance package of self-assessment, third-party audit, and continuous monitoring. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). By being listed on the CSA STAR Registry of cloud service providers, organizations can show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to. It can carry the benefit of reducing compliance complexity and alleviating the burden of completing multiple customer security questionnaires.
What is the Cloud Security Alliance?
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed the definitive best practices for the industry, such as the “Security Guidance for Critical Areas of Focus in Cloud Computing”, the “Cloud Controls Matrix”, “Top Threats to Cloud Computing” and 50 other cloud security research artifacts. For further information, visit www.cloudsecurityalliance.org.
Why choose LBMC as your STAR Auditor?
- CSA STAR Level 2 Attestation is built upon a SOC 2 attest engagement. LBMC Information Security’s audit professionals operate as part of LBMC, PC—a Top 40 US CPA firm. We provide SOC services to clients across the country and ensure all attestation engagements are performed in accordance with the standards established by the American Institute of Certified Public Accountants.
- CSA STAR Level 2 Certification is built upon an ISO/IEC 27001:0213 audit. LBMC Certification Services, LLC is an accredited global ISO Certification Body with over 10 years’ experience in ISO audit and assessment. Audits are conducted in accordance with ISO 17021-1, ISO/IEC 27006, and applicable accreditation guidelines.
- LBMC is as an approved CSA STAR auditor. Upon successful assessment completion, LBMC can submit organizations to be listed on the CSA STAR Registry.
CSA STAR Services
CSA STAR Attestation
LBMC conducts SOC 2 attest engagements against the AICPA Trust Service Criteria in addition to the CSA Cloud Controls Matrix. STAR Registry attestation listings expire after one year unless updated.
CSA STAR Certification
LBMC Certification Services, LLC conducts ISO certification and surveillance audits against the ISO/IEC 27001:2013 standard in addition to the CSA Cloud Controls Matrix. STAR Registry certification listings require annual audit and expire after three years unless updated.
CSA STAR Advisory
LBMC assists the organization with establishing its STAR compliance program, preparing for STAR Level 1 self-assessment, or conducting Cloud Controls Matrix assessments against cloud service providers. Organizations benefit from LBMC advisory professionals’ cloud security and compliance expertise to enhance their security, compliance, and vendor management programs.