CSA Security Update

CSA STAR + SOC2 - From Readiness to Attestation

May 26, 2020
John DiMaria, Assurance Investigatory Fellow

As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix.

1. What is CSA STAR & SOC2?

2. What are the prevalent business drivers which lead to the necessity of obtaining a CSA STAR & SOC2 attestation?

3. Why should my business plan for a CSA STAR & SOC2 rather than react to the demand for the attestation?

Join us as we interview Audrey Katcher, partner in RubinBrown’s Business Advisory Services Group, where she oversees the group’s Information Technology Risk Services. She also serves as the Open Certification Framework Working Group liaison for AICPA and made a significant contribution to the STAR Attestation guidelines.

Listen as Audrey answers these questions and more regarding STAR Attestation and the assessment process.
