Helping companies report on and comply with cloud audit requirements
Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) level 2 third-party audits are a strong tool to help cloud service providers evaluate and report on their cybersecurity controls based on a well-respected industry framework that was designed specifically for cloud computing, the Cloud Controls Matrix (CCM).
There are two variations: STAR Certification which is an expansion of ISO 27001 certification and STAR Attestation which is an expansion of SOC 2 reporting. Both are very complementary to SOC 2, ISO 27001, and other security frameworks and standards used by cloud service providers.
CSA STAR Certification requires and builds upon ISO 27001 certification with issuance of a separate CSA STAR certificate. It has gained solid adoption among cloud service providers of various sizes globally. CSA STAR Attestation expands SOC 2 reporting to also include controls and associated testing for the detailed CCM requirements. It is a good option where customers require more detailed information on the service provider’s cloud controls.
As an authorized agent of MSECB, our highly experienced team can provide CSA STAR certification services while also integrating our test plan into your other compliance projects (such as SOC 1, SOC 2, HITRUST) using a test once, report many approaches.
How BDO Can Help
Third Party Attestation Insights
Explore our most recent resources and thought leadership.
At BDO, you can do much more than fulfill your career ambitions — here, you can explore your full potential. That’s because we’re committed to helping our employees achieve on both personal and professional levels.