top of page

CSA STAR Consulting


CSA STAR Consulting

CSA STAR Consulting Services

Consulting services for CSA STAR compliance

Consulting services for CSA STAR compliance

CSA-STAR stands for Cloud Security Alliance (CSA) – Security, Trust & Assurance Registry (STAR). It was developed as a standard in late 2011 to increase provider transparency and confidence in the use of the system. The CSA-STAR cloud is a public registry that identifies various cloud security controls. Different service providers allow users who want to contract or use cloud services to assess their provider's security to suit their needs. CSA-STAR is an optional cloud-based security standard. In addition to the security standard of ISO/IEC 27001, the CSA-STAR standard focuses primarily on the security of cloud services. Compliance with applicable laws and regulations or data privacy is only a component of obtaining CSA-STAR certification; cloud service providers must establish ISO/IEC 27001 and implement an additional Cloud Control Matrix (CCM).


CSA-STAR Certificate is divided into three levels:

1. STAR Self Assessment: Self-assessment results must be disclosed from the CSA Consensus Assessment Initiative (CAI) and Cloud Control Matrix (CCM) questionnaires.

2. STAR Certification/Attestation: Assessment results must be disclosed by 3rd Party using CCM and ISO27001 or AICPA SOC2.

3. STAR Continuous: Continuously disclose the results of their cloud security audits and assessments using the Cloud Trust Protocol (CTP).​

AlphaSec provides the following consulting procedures for organizations to comply with CSA STAR standards:



Project Initiation, Control Check

  1. Project Kick-off Meeting

  2. Study the system information in the scope. (Understanding Context)

  3. Evaluate control measures according to CAIQ (Consensus Assessment Initiative Questionnaire) LEVEL 1

  4. Summary of operations to be performed



Develop Policies and Supporting Documents

  1. Conduct a review of security policy documents and procedures.

  2. Consulting on improving relevant security documents and measures to comply with the requirements of the CSA STAR standard.

  3. Determine the Risk Assessment Approach

  4. Submit a template document and supporting information for the risk assessment.

  5. Review the results of the risk assessments conducted by the agency. as well as give suggestions for improvement

  6. Provide system recommendations or solutions to security issues



Operate the CSA STAR

  1. Consulting the agency To implement cloud security control measures



Internal CSA STAR Audit, Management Review and Corrective Action Activities

  1. Conduct an internal audit

  2. Provide advice on the selection of auditors (Internal Auditor), conduct an audit plan (Audit Plan), prepare an audit list (Audit Checklist), and prepare an audit report (Audit Report).

  3. Observe the monitoring activities of the CSA STAR system performed by the internal auditors. as well as give suggestions for improvement

  4. Providing advice on organizing a CSA STAR system review meeting by the management (Management Review Meeting)

  5. Advise on implementing CSA STAR monitoring results and management recommendations from the CSA STAR Review Meeting for corrective and preventive actions.



Finalize and Improve the CSA STAR

  1. Organize a team meeting Before the CSA STAR (Certification Audit) certification to prepare for the final preparation for obtaining a system certification



Provide Assistance during CSA STAR Certification Audit

  1. Consulting on cloud security management To be certified according to the CSA STAR

  2. Provide various support during the certification process.

  3. Consultation on debugging of cloud security management system (if any)

  4. Conduct conclusions and recommendations after the certification audit.

Scope of Action
bottom of page