WHO WE ARE
StarAudit is a global program - provided by EuroCloud Europe - with an international network of accredited partners and professionals. EuroCloud Europe is an independent non-profit organisation (www.eurocloud.org).
StarAudit facilitates the growth of cloud-based services and innovations worldwide.
StarAudit’s areas of activity are: Trust in Cloud, Awareness Programmes, Data Privacy Compliance, Knowledge Transfer, Start Up Encouragement, Standards and Interoperability, Legal Framework Harmonisation.
StarAudit offers a certification scheme to establish trust in cloud services both on the customer and the user side.
The purpose of the StarAudit scheme is to provide accountable quality assessment of cloud services through a transparent and reliable certification process.
StarAudit’s other main focus is to enable knowledge transfer to IT, legal and procurement professionals. An accreditation process featuring high-value training services is available to individuals who need these new skills to be successful in their professional carrier.
- To deliver a framework, assessments and a certificate as meaningful selection tools for customers who want to use trustworthy cloud services.
- To reduce the need for costly individual assessments.
- To provide a valuable instrument with a high level of transparency and guidance for customers and providers alike.
- To enable an efficient process of knowledge transfer and accreditation.
It is a challenge to select the best cloud provider for your needs from among the many competitors and offerings on the market.
Cloud services are frequently provided in highly complex configurations unrelated to the location of user and provider. For example, to maintain data sovereignty, it may be necessary to determine whether the software service of a provider in the same country as the user’s sources certain facilities (such as computing and storage capacity) abroad, thus making it subject to special data protection and fiscal requirements.
The StarAudit scheme evaluates cloud services according to a well-defined and transparent catalogue of criteria. The result of this audit process shows the respective maturity and compliance levels of a service.
The certification procedure is based on best practices and provides answers to the fundamental questions managers are likely to ask when looking for a suitable cloud service provider. Unlike pure security or data protection audits, it covers the entire range of cloud service functions and validates compliance against the requirements in clearly understandable terms.
WHAT FACTORS NEED TO BE ADDRESSED WITHIN A CLOUD CERTIFICATION?
- Security Assessment
- Data privacy assessment
- Cloud-specific assessment
- Legal compliance assessment
- Complete cloud supply chain covered
- Common scope - no negotiations
- A mature certification scheme specifically designed to assess cloud services.
- Assessment levels applicable to various use-cases, suitable not only for large enterprises but also for SME-type cloud providers.
- Evaluation procedures to perform assessments against requirements covering all participants in the supply chain of a cloud service.
- Establishment of a common language between customer and supplier in order to avoid misunderstandings about the desired or offered quality of a cloud service.
- The possibility to fine-tune the necessary maturity level in any specification detail, thereby enabling precise differentiation and selection of services matching the customer’s specific use case.
- Ability to add company-, sector- or country-specific catalogues of requirements that focus on specific needs and expectations beyond the baseline specifications.
- Transparent and comprehensive – all information published in a single place.
- Provides an easy-to-use assessment tool that can be used internally to discover gaps, but also for self-assessment and even for auditing purposes.
- A global ecosystem of partners for various business models. Training for cloud service partners and customers.
STARAUDIT IN DETAIL
StarAudit is a mature certification scheme, especially designed to assess cloud services.
StarAudit evaluates a cloud service against its audit scheme requirements and covers all participants in the specific supply chain of a cloud service.
StarAudit relies on a non-negotiable mandatory bandwidth of all important areas of a cloud service:
- StarAudit In Detail
- Environment and technical infrastructure
- Contract and compliance including data privacy protection against local law
- Interoperability and data portability
- Relevant parts of the application and implementation
- Provider‘s profile
StarAudit features a modular structure and offers three maturity levels. Similar to the familiar hotel classification, the audited cloud service is assigned “stars” from *** up to *****. Therefore, StarAudit is suitable not only for large enterprises, but can also be applied to SME-type cloud providers.
If a cloud service matches the StarAudit criteria, the StarAudit certificate is granted.
As long as no changes are made to the cloud service profile and assessment areas, the certificate is valid for three years (annual checkup obligatory).
The StarAudit certificate is a meaningful selection tool for customers who want to use trustworthy cloud services, reducing the need for costly individual audits.
StarAudit is a joint activity performed by the StarAudit partners within an ecosystem. StarAudit represents a valuable instrument with a high level of transparency and guidance for customers and providers alike.
WHAT IS REALLY IMPORTANT?
All criteria of the certification scheme must be publicly available.
Strict separation between the work of the certification authority and the certification business (audit, training, consulting organisations).
Complete independence of the certification authority: Freedom from any kind of unbalanced or non-transparent influence by industry, members, sponsors or government organisations.
The StarAudit is suitable for any company operating an Infrastructure (IaaS), Platform (PaaS) or Software (SaaS) Cloud Service. The certificate is a meaningful selection tool for the user. The audit aims to establish a high level of security and transparency for users and providers alike.
The StarAudit program has been classified as high quality certification system, according to a study by Booz and FTZ, published by the Federal German Ministry of Economics.
StarAudit is working close together with ETSI and ENISA on European Level to harmonize the criteria for trusted cloud computing.
CLOUD CERTIFICATION SCHEMES LIST
CCSL - the Cloud Certification Schemes List – by ENISA gives an overview of different existing certification schemes including StarAudit.
StarAudit is publishing 100% of the content of the StarAudit Catalogue online. This is to facilitate a broad understanding about the StarAudit and a clear view about the scope and the quality level a Service provider that has been StarAudit-certified has achieved.