Cloud Security Alliance Attestation Services and Consulting

The Cloud Security Alliance (CSA) is a nonprofit organization that is dedicated to defining best practices to help ensure a more secure cloud computing environment. In 2013, the CSA and the British Standards Institution launched the Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry in which CSPs can publish their CSA-related assessments.

CSA STAR is based on two key components of the CSA GRC Stack:

  • Cloud Controls Matrix (CCM): a controls framework covering fundamental security principles across 16 domains to help cloud customers assess the overall security risk of a CSP.
  • Consensus Assessments Initiative Questionnaire (CAIQ): a set of more than 140 questions based on the CCM that a customer or cloud auditor may want to ask of CSPs to assess their compliance with CSA best practices.

Our Cloud Security Alliance (CSA) Services

Riskpro supports both STAR routes: STAR Certification and STAR Attestation.

CSA STAR Certification

The CSA STAR Certification is a third-party assessment of the security of a cloud service provider (CSP) that leverages the requirements of the ISO/IEC 27001:2013 (ISO 27001) management system standard together with the CSA Cloud Controls Matrix (CCM).

CSA STAR Attestation

The CSA STAR Attestation is an independent third-party assessment of the security of a CSP. It is a collaboration between the CSA and the American Institute of CPAs (AICPA) that gives CPA firms (or service auditors) guidance for conducting STAR Attestations using criteria from the AICPA Trust Services Principles (TSP) and the Cloud Controls Matrix (CCM). The assessment uses the SOC 2 framework to report on the suitability of the design and the operating effectiveness of a CSP’s controls relevant to Security, Availability, and Confidentiality.

CSA audits can be combined with the SOC 2 framework to issue SOC 2+ audit reports.

Riskpro has conducted more than 30 SOC 2 and SSAE audits.

Contact

For more information, please contact manoj.jain@riskpro.in

More Info: 
Manoj Jain: 9833767114, manoj.jain@riskpro.in
