What is CSA STAR?
The Cloud Security Alliance (CSA) aims to define and raise awareness of the best practices for secure cloud computing. The CSA operates the Security, Trust, Assurance, and Risk Registry (STAR) – a publicly accessible registry that documents the security and privacy controls of popular cloud computing offerings. The registry allows organisations to show current and potential customers the regulations, standards, and frameworks they adhere to and can be used to alleviate due diligence questions from enterprise customers.
There are two levels of STAR assurance, each with a different set of requirements. Level 1 is a self-assessment where organisations can evaluate and document their security controls and assess their privacy based on Europe’s General Data Protection Regulation (GDPR) Code of Conduct. Level 2 is a third-party audit by a qualified CSA practitioner. To undertake the level 2 assessment, an organisation must already hold or adhere to either ISO27001, SOC 2, GB/T 22080-2008, or GDPR.
Why does CSA STAR matter?
With more information being stored 'in the cloud' than ever, it is essential for businesses to prioritise cloud data security. The CSA is an industry leader in secure cloud computing and outlines a broad set of expectations and requirements to ensure customers are in safe hands when dealing with cloud providers. CSA STAR combines the best practices from other information security standards with its own Cloud Controls Matrix, a cybersecurity control framework, to create a complete cloud security control.
The CSA registry allows potential cloud customers to easily review the security practices of providers, accelerating due diligence and reducing the complexity of audits. CSA STAR is considered a leap forward in industry transparency as it encourages providers to make their security capabilities a key differentiator. This reduces security risks for cloud service providers, customers, and data owners.
How does Data Zoo’s CSA STAR Certification benefit my business?
Businesses should consider a provider’s security framework and commitment to industry best practices when looking for a new partner. Data Zoo is proud to have achieved the third-party assessment-based certification, CSA STAR Level 2 Attestation, for our cloud infrastructure.
We pride ourselves on putting our compliance to the test year after year. We proactively undertook rigorous third-party independent audits and assessments to achieve CSA STAR Level 2. We are proud to add CSA STAR Level One and Two Attestation to our compliance portfolio. It reinforces our commitment to delivering a secure and resilient identity service for our customers and allows us to reduce the due diligence workload for future partners.
The Data Zoo difference
In today's digital landscape, organisations face the challenge of meeting expanding privacy regulations and increasing end-user expectations for data handling transparency.
At Data Zoo, we place privacy and security at the core of our products, infrastructure, and policies. Our ecosystem is certified and adheres to the world's highest industry standards and regulations. This allows you to engender customer trust in your brand by ensuring data transparency, protection, privacy, and ownership.
This blog is a part of our in-depth series exploring compliance in the identity verification industry. Discover how to protect your customers' privacy, reduce risk, and create a positive customer onboarding experience.
Ready to learn more? Download our Privacy-First Guide to User Onboarding for a comprehensive look at privacy best practices.