The Cloud Security Alliance (CSA) is an independent, nonprofit organization led by a broad coalition of industry practitioners and corporations and is dedicated to promoting security across cloud computing.
CSA is the creator of the Security, Trust, Assurance and Risk (STAR) registry, a public record that documents the security and privacy controls of cloud computing providers, to help customers select providers who handle data securely.
Organizations with a Level 1 CSA STAR certification have performed a rigorous self-assessment to verify their security and privacy controls are in compliance with two different standards—ISO 27001:2013 and the CSA's Cloud Controls Matrix (CCM) criteria.
IBM publishes its CSA STAR Level 1 Self-Assessment Consensus Assessments Initiative Questionnaires (CAIQ) annually, including self-assessments for IBM Cloud® Infrastructure (IaaS), IBM Cloud Platform (PaaS) and IBM Cloud Services (SaaS). A broad range of IBM VPC, PaaS and SaaS services have achieved CSA STAR Level 2 certification by an external third party audit firm.
The IBM Cloud services that achieved CSA STAR L2 certification by an external third party audit are listed in this document: