About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
IBM Cloud® compliance: CSA STAR
What is CSA STAR?
The Cloud Security Alliance (CSA) is an independent, nonprofit organization led by a broad coalition of industry practitioners and corporations and is dedicated to promoting security across cloud computing.
CSA is the creator of the Security, Trust, Assurance and Risk (STAR) registry, a public record that documents the security and privacy controls of cloud computing providers, to help customers select providers who handle data securely.
Organizations with a Level 1 CSA STAR certification have performed a rigorous self-assessment to verify their security and privacy controls are in compliance with two different standards—ISO 27001:2013 and the CSA's Cloud Controls Matrix (CCM) criteria.
IBM publishes its CSA STAR Level 1 Self-Assessment Consensus Assessments Initiative Questionnaires (CAIQ) annually, including self-assessments for IBM Cloud® Infrastructure (IaaS), IBM Cloud Platform (PaaS) and IBM Cloud Services (SaaS). A broad range of IBM VPC, PaaS and SaaS services have achieved CSA STAR Level 2 certification by an external third party audit firm.