Build trust with CSA STAR in 2024

Demonstrate Best-in-Class Cloud Security with CSA STAR Level Two Accreditation.

SOC 2 STANDARD

Is this the year you grow with SOC 2?

There’s no better standard to baseline your information security and earn trust with a broad customer base.

AssuranceLab is a registered CPA and CA firm ready to help you earn trust with SOC 2 in the US and globally.

We provide end-to-end readiness and audit services, with a cloud-native and agile approach that enables you to work at your own pace.

You’re in great company. We work with hundreds of fast-growing software companies across 13 countries, ranging in size from 2 to 26,000 employees.

You’re in great company. We work with hundreds of fast-growing software companies across 20+ countries, ranging in size from 2 to 26,000+ employees.

CSA STAR Level Two Accreditation

Is this the year you grow with CSA STAR?

CSA STAR Level Two demonstrates a high standard of cloud security to differentiate your credentials to enterprise

AssuranceLab is a Certified CSA STAR audit firm ready to help you earn trust with CSA STAR globally.

We provide end-to-end readiness and audit services, with a cloud-native and agile approach that enables you to work at your own pace.

THE BENEFITS

Clear reasons to act

International credibility

A globally recognised accreditation to build trust at scale

Customer comfort and trust

A detailed report addressing crucial customer due diligence questions

Minimal business disruption

Agile and flexible audits that minimise disruption while meeting client deadlines

Rigorous standard

A challenging and comprehensive standard that earns a high level of trust

Multi-standard compliance

CSA STAR combines well with several global standards to do more with less

Levels of Accreditation

CSA STAR has three levels of accreditation to recognise partial progress

THE PROCESS

Four Steps to CSA STAR

CSA STAR Readiness Assessment

We built Pillar so you can assess your compliance with 30+ global standards. It helps you get started with a tailored view of your controls and any gaps to prepare for our compliance audits for one or more frameworks. And, Pillar is always free.

Remediation Support

We guide you as you address any gaps and implement fit-for-purpose processes that align with your culture and the CSA STAR control objectives. Our flexible and responsive team helps you work through it at your own pace.

CSA STAR Type 1 Audit

We conduct the Type 1 audit at your pace to help you minimise disruption and learn through the process. Our iterative reviews and feedback help you stay on track and achieve real operational benefits for your company. The Type 1 earns your initial CSA STAR Level Two accreditation.

CSA STAR Type 2 Audit

We conduct the Type 2 audits either at your pace within a defined timeline to suit your preference, or, increasingly, with our continuous audit practices, which run the audits in the background throughout the year to minimise disruption and increase confidence in your compliance.

Get started your way.
We’re ready when you are!

FAQ

Your questions answered

What is CSA STAR?

The Cloud Security Alliance (CSA) has the Security, Trust, and Risk (STAR) accreditations and register to track three levels of compliance with the cloud controls matrix (CCM).

The CCM covers 17 domains and 197 control objectives related to best practice cloud security.

What are the three levels of accreditation?

Level One accreditation is a self-assessment: you complete questionnaires and submit them to the online CSA register for third-party review, and the information they contain may or may not have been independently verified. Level Two is a certification or attestation report that has been independently audited and submitted to the CSA. Level Three is a level of continuous assurance for the highest standard of cloud security and third-party assurance.

Do I need to do Level One before Level Two?

Yes, but you can do both together. Level One is a completed questionnaire submitted to the CSA registry, covering the same cloud controls matrix details that are audited for Level Two accreditation.

Do I need to comply with all 197 control objectives of the CCM?

Yes. You either need to show how your cloud security practices meet each of the 197 objectives, or substantiate why they are not applicable. The number of objectives sounds daunting, but there is a lot of overlap in the controls that cover them. We see clients have an average of 220 controls to satisfy the 197 objectives.

What are Type 1 and Type 2 reports?

A Type 1 report attests to your compliance by design. It is a snapshot in time that can be achieved by showing you have the right systems and processes in place to satisfy the CSA STAR regulatory clauses.

A Type 2 report attests to your compliance by both design and operation over a period of time. It covers a period of 3 to 12 months to show your systems and processes have been operated consistently to satisfy the CSA STAR regulatory clauses.

Usually, a Type 1 report is issued first to baseline compliance. That marks the start of the live and recurring Type 2 audit periods for reports issued annually.

Does CSA STAR replace the need for SOC 2 or ISO 27001?

No. CSA STAR is designed to be complementary. Level Two accreditation conveniently offers pathways through SOC 2 or ISO 27001, so that you can leverage all of your compliance efforts on those more common standards. CSA STAR can be built on top of either SOC 2 or ISO 27001, following either a certification or an attestation report approach, so it is compatible with those two leading global standards and with the audit firm and/or certification body credentials that accredit them.

Can we reduce the audit work by using a compliance platform?

Yes. Many of the controls required or expected for achieving CSA STAR are supported with automation by security compliance platforms like Drata. AssuranceLab has built the CSA STAR cloud controls matrix and associated controls for the Drata platform that can be imported and continuously monitored for our clients pursuing CSA STAR accreditation.

OTHER STANDARDS

Earn trust with other leading standards

Blended Audits

Combine two or more compliance frameworks into a single blended audit process without duplication to scale trust, not costs and effort.

HIPAA

The de facto global and best practice standard for proving secure handling of electronic protected health information (ePHI).

Custom Frameworks

Manage any compliance obligations from customers, regulators or your own internal risk requirements with custom frameworks.

ISO 27001

An international framework to apply a structured and best practice methodology for managing information security.

CSA STAR

A comprehensive, best practice standard for cloud security to achieve Level Two accreditation in the security, trust and risk (STAR) register.

Consumer Data Right

Access consumer data in Australia’s economy-wide open data regime with Consumer Data Right accreditation.

ESG Reporting

A flexible and lightweight framework to report up to 500+ positive impact activities supporting environmental, social and governance (ESG) objectives.

GDPR

The global gold-standard for privacy. GDPR is regulated for personal data collected from EU citizens, and an effective framework to satisfy enterprise customers globally.

SOC 2

Trust services criteria to satisfy a broad customer base globally for security, availability, confidentiality, privacy and processing integrity.

GET IN CONTACT

Get started your way

We’re ready when you are

Can’t wait?

Our free products help you get started without any fuss:

Pillar

The always-free GRC platform that powers trust for hundreds of technology companies.

PolicyTree

Our 40-minute policy generator; a better alternative to cookie-cutter templates.