Close
Request Consultation

CSA-STAR SOC 2 Attestation and ISO/IEC 27001 Certification Services: Build Your Brand’s Trust in the Cloud

CSA logo

A CSA-Star assessor firm that efficiently delivers certification and attestation to compliant organizations with an in-depth review process

Request a CSA-STAR Assessment

Service Page Contact Form TOP

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Name
Privacy Policy*

CSA-STAR Assessments Performed by Experienced Assessors

CSA-STAR Icon

What is CSA-STAR?

CSA-STAR (Security, Trust, Assurance, and Risk) is a certification framework developed by the Cloud Security Alliance (CSA). It provides assurance in cloud security by offering a comprehensive auditing and certification scheme. CSA-STAR is designed specifically for cloud service providers (CSPs) to demonstrate their security capabilities and compliance with industry standards.

This framework serves multiple purposes, including:

  • Providing transparency to cloud customers by allowing CSPs to showcase their compliance with security standards.
  • Reducing risks in the cloud by setting a benchmark for security best practices.
  • Helping organizations in the decision-making process by providing verifiable security information on cloud providers.

CSA-STAR consists of multiple levels of certification/Attestation:

  • Level one is a self-attestation based on the Consensus Assessments Initiative Questionnaire (CAIQ) maintained by the Cloud Security Alliance.
  • Level two is a third-party attestation or certification. At this level, an independent third-party auditor verifies the cloud service provider’s compliance with the CSA’s security controls.
    • The STAR certification is conducted in accordance with the ISO/IEC 27001 standard, ensuring that both the ISO requirements and CSA’s additional cloud-specific controls are met.
    • The STAR attestation can be performed in conjunction with a SOC 2 assessment.

The CSA-STAR and the associated Cloud Control Matrix (CCM) allow Cloud Service Providers, SaaS providers, and other organizations a way to demonstrate their commitment to transparency as well as their commitment to safeguarding of data and adherence to industry standards.

What is a CSA-STAR assessment?

CSA-STAR assessment is a formal evaluation process designed to assess and certify the cloud security practices of cloud service providers (CSPs) based on standards established by the Cloud Security Alliance (CSA). The assessment helps organizations and cloud providers demonstrate compliance with security best practices, and it provides transparency to customers about the security measures implemented within cloud environments.

The third-party assessment will include the following steps.

  1. Pre-assessment/gap analysis/CAIQ review: Evaluating an organization’s readiness for the Level 2 assessment, including reviews of scope, policy, practice, and the organization’s Level 1 self-assessment results.
  2. Assessment planning timelines.
  3. Assessment/testing execution against the CSA CCM.
  4. Concurrent or consecutive ISO/IEC 27001 or SOC 2 Assessment and issuance of reports, including CSA-STAR certification for ISO/IEC 27001 or attestation for SOC 2.

Assessment and certification of CSA STAR security controls and associated documentation, policies, and compliance procedures require an ISO/IEC 27001 certification and can be issued by an independent assessor firm accredited by a recognized national accreditation body for auditing ISO/IEC 27001 and issuing ISO certifications. Linford & Company takes pride in being an accredited ISO/IEC 27001 assessor firm, ensuring the credibility and proficiency of our certification services.

Assessment and attestation of CSA STAR compliance with security controls and associated documentation, policies, and compliance procedures require a licensed CPA firm that follows AICPA Trust Service Criteria (SOC 2) and auditing standards that has demonstrated experience conducting SOC 2 Type 1 and Type 2 audits. Linford & Company’s extensive experience with SOC 1 and SOC 2 audits, combined with technical knowledge, makes us an ideal organization to issue your SOC 2 with CSA-STAR attestation.

What is the cost of a CSA-STAR assessment?

The fees for a CSA-STAR assessment are contingent upon several factors, encompassing the intricacy of the evaluated IaaS, PaaS, SaaS, or CSP platform. The CSA-STAR assessment is usually conducted in conjunction with ISO/IEC 27001 or SOC 2 assessments. Linford & Company delivers an upfront, precise, and dependable quote prior to commencing any assessment engagement. This proactive approach significantly mitigates the risk of fee escalations, ensuring transparency and facilitating informed decision-making. In addition to the fee charged by Linford & Company to perform the assessment, a pass-through fee charged by CSA per assessment is added to the assessment fee. This pass-through fee is based on criteria determined by the CSA.

Who should get a CSA-STAR assessment?

Cloud Service Providers (CSPs)

  • IaaS, PaaS, and SaaS providers: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) providers are the primary candidates for CSA-STAR assessments. These providers deliver critical cloud-based services and need to prove the robustness of their security controls.
  • CSPs that want to differentiate themselves in the market by demonstrating compliance with the Cloud Security Alliance’s best practices, particularly if they operate in highly regulated industries (e.g., healthcare, finance, government, etc.).
  • CSPs handling sensitive data (e.g., personally identifiable information (PII), financial data, healthcare information) benefit from the transparency and trust that a CSA-STAR certification offers.

Our CSA-STAR Assessors

Star Attestation logo
Lois Colby

Lois Colby

Partner | CPA, CIA, CISA, CCSK

Brian Sandenaw

Brian Sandenaw

Director | CISSP , CCSK

Experienced Assessors

Our highly experienced assessors can offer both the CSA-STAR Attestation (in conjunction with SOC 2) and the CSA-STAR Certification (in conjunction with ISO 27001).

Our Partners

Rob Pierce
Jaclyn Finney
Mark Larson
Kevin Anderson
Nicole Hemmer
Isaac Clarke
Maggie Cheney
Rhonda Willert
Hilary Stavrakas
Becky McCarty
Newel Linford
Ray Dunham
Megan Kovash
Lois Colby
Danielle Pei
Jenny Shen
Richard Rieben
Ben Burkett

Why Choose Linford & Company LLP?

CSSK Certified Professionals

Linford & Company professionals holding the CSSK certification perform the CSA-STAR assessments. These individuals hold other relevant designations and have years of experience in performing audits over different audit and security standards.

Flexible and Tailored Approach

Linford & Company tailors the audit process to meet the needs of our clients, and we leverage our own tools or our clients’ chosen GRC platform to perform assessments. Our auditors coordinate performance of the CSA-Star Level 2 assessment with the SOC 2 or ISO/IEC 27001 assessments to capitalize on efficiencies of time, effort, and cost for both the auditor and the auditee.

Partner Involvement

We take pride in providing a high level of Partner involvement with each assessment in an effort to further solidify our commitment to quality and efficiency.

Ready for a CSA-STAR Assessment?

Fill out the form and we will put you in touch with one of our CSA-STAR auditors. Your contact information stays with us and is only used to talk with you about your CSA-STAR assessment—we do not sell or share your contact information with anyone.

Request a CSA-STAR Assessment

Service Page Contact Form BOTTOM

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Name
*
Contact Us

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
I understand and agree to the Linford & Company LLP privacy policy.**
Request Consultation
Linkedin-in Youtube