720-891-1663
If you are a cloud based software as a service provider, you want to assure your customers that you are protecting their information.
The Cloud Security Alliance (CSA) has created a standard which allows you to publicly display your security profile. They call it the CSA STAR program.
If this makes sense to you, we recommend that you start with a STAR pre-assessment. Unlike the next step, STAR Level 1, these results are not publicly published. This allows you to get ready for Level 1 without exposing any weaknesses. Once we have completed this, we will create a plan of action to mitigate any issues and work with you to mitigate them.
The next step is STAR Level 1. This is a self assessment that we will work with you to complete and upload. This is the first time that you will make your security controls public. This is your way of saying that we take security seriously.
The final step in the STAR program is level 2. Under Level 2, we review the statements that you make about your security program and attest to the completeness and accuracy of what you are saying.
For both Level 1 and Level 2, your answers (and for level 2, our attestation) are publicly available to anyone who visits the CSA web site. This is very different than, say, an AICPA SOC audit, which is private and only released under a non-disclosure agreement. That NDA says, basically, we really don't want anyone to know about our security program. The STAR program says, instead, we are very proud of our security program and, at a high level, here are all the things that we are doing to protect your information.
If you are ready to do a pre-assessment or want to learn more about the program, please contact us. 720-891-1663