THE CHALLENGE
It is a challenge to select the best cloud provider for your needs from among the many competitors and offerings on the market.
Cloud services are frequently provided in highly complex configurations that are independent of where the user and the provider are located. For example, to maintain data sovereignty, it may be necessary to determine whether a provider in the same country as the user sources certain facilities for its software service (such as computing and storage capacity) abroad, thus making the service subject to special data protection and fiscal requirements.
The StarAudit scheme evaluates cloud services according to a well-defined and transparent catalogue of criteria. The result of this audit process shows the respective maturity and compliance levels of a service.
The certification procedure is based on best practices and provides answers to the fundamental questions managers are likely to ask when looking for a suitable cloud service provider. Unlike pure security or data protection audits, it covers the entire range of cloud service functions and validates compliance against the requirements in clearly understandable terms.
WHAT FACTORS NEED TO BE ADDRESSED WITHIN A CLOUD CERTIFICATION?
- Security assessment
- Data privacy assessment
- Cloud-specific assessment
- Legal compliance assessment
- Complete cloud supply chain covered
- Common scope - no negotiations
STARAUDIT ADVANTAGES
- A mature certification scheme specifically designed to assess cloud services.
- Assessment levels applicable to various use-cases, suitable not only for large enterprises but also for SME-type cloud providers.
- Evaluation procedures to perform assessments against requirements covering all participants in the supply chain of a cloud service.
- Establishment of a common language between customer and supplier in order to avoid misunderstandings about the desired or offered quality of a cloud service.
- The possibility to fine-tune the necessary maturity level in any specification detail, thereby enabling precise differentiation and selection of services matching the customer’s specific use case.
- Ability to add company-, sector- or country-specific catalogues of requirements that focus on specific needs and expectations beyond the baseline specifications.
- Transparent and comprehensive – all information published in a single place.
- Provides an easy-to-use assessment tool that can be used internally to discover gaps, but also for self-assessment and even for auditing purposes.
- A global ecosystem of partners for various business models. Training for cloud service partners and customers.
STARAUDIT IN DETAIL
StarAudit is a mature certification scheme specifically designed to assess cloud services.
StarAudit evaluates a cloud service against its audit scheme requirements and covers all participants in the specific supply chain of a cloud service.
StarAudit relies on a non-negotiable, mandatory scope that covers all important areas of a cloud service:
- Environment and technical infrastructure
- Security
- Contract and compliance including data privacy protection against local law
- Operations
- Processes
- Interoperability and data portability
- Relevant parts of the application and implementation
- Provider’s profile
StarAudit features a modular structure and offers three maturity levels. Similar to the familiar hotel classification, the audited cloud service is assigned “stars” from *** up to *****. Therefore, StarAudit is suitable not only for large enterprises, but can also be applied to SME-type cloud providers.
If a cloud service matches the StarAudit criteria, the StarAudit certificate is granted.
As long as no changes are made to the cloud service profile and assessment areas, the certificate is valid for three years (annual checkup obligatory).
The StarAudit certificate is a meaningful selection tool for customers who want to use trustworthy cloud services, reducing the need for costly individual audits.
StarAudit is a joint activity performed by the StarAudit partners within an ecosystem. StarAudit represents a valuable instrument with a high level of transparency and guidance for customers and providers alike.