In short, STAR Certification can be considered an evolution of ISO27001. It follows the same auditing rules and approach, and it integrates the control objectives included in ISO27002 with the controls of the CSA Cloud Control Matrix (CCM). Moreover, it adds a Maturity Model to the standard ISO audit.
Note: ISO27001 is considered a prerequisite for achieving STAR Certification.
The STAR Certification audit has to be conducted by an ISO27001 Certification Body and the auditors need to have additional qualifications to show their competence in cloud security. The list of qualified STAR Certification auditors can be found on our website.
Typically STAR Certification and ISO27001 audits are conducted at the same time. The auditee simply makes an extension of the ISO27001 Statement of Applicability so as to include the CCM controls.
The auditing time is typically equal to 150% of the ISO27001 auditing time. For instance, if it takes ten days to complete your ISO audit, it should take 15 days for the combined ISO27001+STAR Certification audit. At the end of such a process, you would receive both the ISO and the CSA certificates.