The Inner Circle

 View Only
  • 1.  Submit to the STAR Registry

    Posted Oct 11, 2021 08:36:00 AM
    STAR is the industry's most powerful program for security assurance in the cloud. It is a publicly accessible registry of cloud service providers that encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the CCM. Publish to the registry to:
    - Demonstrate to customers your security and compliance posture
    - Alleviate the need for multiple customer questionnaires

    Learn more and submit to the STAR registry here: https://csaurl.org/9e36gp

    #CloudSecurity #securityassessment #securitycompliance

    ​​​​

    ------------------------------
    Orbert .
    ------------------------------


  • 2.  RE: Submit to the STAR Registry

    Posted Oct 12, 2021 12:45:00 PM
    Absolutely agree!

    If a potential vendor does not have a listing on STAR, I ask why not?

    Sai Honig, CISSP, CCSP

    Sent from my iPad




  • 3.  RE: Submit to the STAR Registry

    Posted Oct 13, 2021 01:59:00 PM

    Hi Sai,

    I would encourage you to ask the potential vendor if they have filled out the Consensus Assessment Initiative Questionnaire (CAIQ). There are many vendors who have actually filled this out but may not have listed it on the registry yet. In the event that the vendor has not completed the CAIQ or you don't see them listed on the registry, you can submit a request to have them verified. Download this letter template and send it to your CSP or security provider.

    Let me know if you have any more questions.

    Best,

    Courtney



    ------------------------------
    Courtney Keogh
    Membership Manager
    CSA
    ------------------------------



  • 4.  RE: Submit to the STAR Registry

    Posted Oct 14, 2021 02:36:00 PM
    Oh I ask about the CAIQ! However, I get a lot of blank stares back.

    Sai Honig

    Sent from my iPad




  • 5.  RE: Submit to the STAR Registry

    Posted Oct 19, 2021 11:29:00 AM
      |   view attached
    In that case, knowledge is power! The attached letter is a great way to orient your potential service provider to the STAR program.

    ------------------------------
    Courtney Keogh
    Membership Manager
    CSA
    ------------------------------

    Attachment(s)



  • 6.  RE: Submit to the STAR Registry

    Posted Oct 13, 2021 02:57:00 AM
    CSA STAR a single source of truth (SSOT).




    ------------------------------
    John B. Oseh
    Information Security Consultant
    Handelsbanken
    ------------------------------



  • 7.  RE: Submit to the STAR Registry

    Posted Oct 13, 2021 10:52:00 AM
    As I review vendors for my company, a record in STAR is very important to me as it allows me to understand the security posture of the vendor in a way that indicates their security practices as well as their approach to security. The cross-reference to other standards, such as ISO27001 and SOC2 is very valuable.

    ------------------------------
    Michalis Kamprianis
    Director Cyber Security
    Hexagon Manufacturing Intelligence
    ------------------------------