Overview
CSA STAR Certification is a rigorous third-party audit programme for assessing the security level of cloud service providers to measure the functional level of cloud services. Launched in 2013, the CSA STAR certification programme uses the security management requirements of the ISO 27001 management system standard, combined with the Cloud Control Matrix (CCM), to show the security procedures of cloud computing in a scoring manner.
To achieve the STAR Certification, a Cloud Service Provider (CSP) must already have achieved ISO 27001 certification or have the STAR Certification assessment performed in parallel with ISO 27001 certification.
Benefits of CSA STAR
Wide-ranging and robust
CSA STAR provides a comprehensive framework for Cloud governance and security controls. It complements other standards, such as ISO 27001, to provide an effective, risk-based assessment of Cloud security risks and remediation strategies.
CSA STAR certification demonstrates that a Cloud service provider’s information security defences are robust and that specific issues critical to Cloud security have been addressed
A licence to trade
For the cloud service buyer, certification provides assurance of the cloud service provider’s competence to deliver secure services.
Other benefits
- Provides top management with visibility of their Cloud assets so that they can evaluate the effectiveness of their management system in relation to the expectations of the Cloud security industry and ISO 27001
- Implements an audit that is designed to reflect how well your organisation’s objectives are aligned with the optimisation of your Cloud services
- Provides empirical evidence to assess progress and performance levels via an independently validated award from an external certified body
- Benchmarks your performance against your peers
Why work with us?
LRQA is a CSA STAR-certified certification body as well as an Accredited Certification Body for ISO 27001. Our auditors are trained and experienced in both ISO 27001 and CSA STAR and they are able to use their skills to dig deep into the culture and systems of the organisations they audit. This allows them to provide meaningful insight and feedback on what matters to your business.
Want to know more about this service?
Looking for more information security services?

Risk-based solutions. Real business benefits.
LRQA offer a wide range of services against the world’s leading information security standards. We work closely with you, providing solutions to address your specific requirements.
Start your journey