The Cloud Security Alliance (CSA) today announced additional details on its Open Certification Framework, an industry initiative to provide security certification for cloud providers.
The CSA Open Certification Framework has three parts. The first level is the CSA STAR Self-Assessment, in which cloud providers can submit reports to the CSA STAR Registry to demonstrate compliance with CSA best practices. The second level is known as ‘CSA Star Certification’, which requires an assessment by an independent third-party and proof the provider meets the requirements of the ISO/IEC 27001:2005 management systems standard as well as the CSA Cloud Controls Matrix (CCM). These assessments can only be performed by approved certification bodies.
The final level will involve continuous monitoring and is currently under development, according to the group. The STAR Certification level will be ready by the first half of 2013, and will be developed jointly by the CSA and the British Standards Institution (BSI).
“A key challenge the cloud industry faces is reassuring its customers that the service they provide is not only secure but can recover from any incidents with minimal disruption,” said David Brown, Director of Corporate Development at BSI, in a statement. “By adopting the Open Certification Framework, cloud service providers will benefit from reducing their risks, improving the incident recovery time and demonstrating good information governance.”
“By partnering with the CSA, we are able to combine our expertise to develop a comprehensive Framework against which cloud providers can be independently benchmarked and which encourages continual improvement to ensure customers receive the best service possible,” he said.
More information on the Open Certification Framework is available here.