An organization (tenant) wishing to engage a cloud service provider can visit CSA’s STAR Register and check the STAR Registry Entries. Major cloud service providers like Amazon Web Services, HP, Microsoft and Symantec have submitted their self assessment questionnaires (Consensus Assessment Initiative Questionnaire). Tenants can download for free, the self assessment questionnaires filled in by the service providers and can make an informed choice.
In case a cloud service provider is not listed in the register, tenant can download the questionnaire (downloadable excel worksheet) with about 140 questions covering various domains including Information security, HR security, BCP, compliance, legal, governance, security architecture, facility security and operations management. This questionnaire may be forwarded to the vendors to give their feedback. Based on the feedback, the tenant can finalize a cloud service provider. In case the tenant is planning to host very critical and confidential information on the cloud, it may insist the service provider to submit third party certification based on CSA’s Cloud Controls Matrix.
For STAR Registry Entries visit:
For Consensus Assessment Initiative Questionnaire visit:
For Cloud Controls Matrix visit: