With STAR you can grow your business as a leader in cloud-specific security and privacy assurance services. As a CSA STAR Auditing firm, you can build on existing auditing standards (SOC2, ISO/IEC 27001, GDPR) with a cloud-specific overlay. If you are interested in learning more about the benefits of becoming an assessment firm you can visit this page. To view the current list of CSA Accredited Assessment Firms, go here.
In this flow diagram, you can learn about the different steps needed to become a CSA Accredited Assessment Firm. The links to the documents mentioned in the diagram are available below.
Follow the steps below to become a Certification Firm, Attestation Firm, or both.
NOTE: We expect that CCAK Certification will become a requirement in the near future and will replace the CCSK requirement. There will be a transition period, however. No date set as of yet.
Certification
- Pay the corporate certification membership fee and sign the Certificate Firm Agreement.
- Submit proof of ISO/IEC 17021 accreditation and scope that shows ISO/IEC27001 plus proof of competency e.g. CCSK or STAR Auditor certification (Must have one on staff to lead STAR portion of audit).
- Add the firm to the Membership webpage, Approved Assessment Firm webpage, and to the drop-down menu of approved firms on the STAR Registry Submission page.
Associated materials:
- Requirements for Bodies Providing STAR Certification
- STAR Certification Guidance Document: Auditing the Cloud Controls Matrix (CCM)
Attestation
- Pay the corporate attestation membership fee and sign the Attestation Firm Agreement.
- Submit proof of CCSK certification (must have one on staff).
- CSA will add the firm to the Membership webpage, Approved Assessment Firm webpage, and to the drop-down menu of approved firms on the STAR Registry Submission page.
Associated materials:
Both
- Add the firm to the Membership webpage, Approved Assessment Firm webpage, and to the drop-down menu of approved firms on the STAR Registry Submission page.
Comments
0 comments
Please sign in to leave a comment.