IBM Cloud® compliance: CSA STAR
Illustration showing a person interacting with a computer interface, around which are a security shield and a globe on a pedestal
What is CSA STAR?

The Cloud Security Alliance (CSA) is an independent, nonprofit organization led by a broad coalition of industry practitioners and corporations and is dedicated to promoting security across cloud computing.

CSA is the creator of the Security, Trust, Assurance and Risk (STAR) registry, a public record that documents the security and privacy controls of cloud computing providers, to help customers select providers who handle data securely.

Organizations with a Level 1 CSA STAR certification have performed a rigorous self-assessment to verify their security and privacy controls are in compliance with two different standards—ISO 27001:2013 and the CSA's Cloud Controls Matrix (CCM) criteria.

IBM position

IBM publishes its CSA STAR Level 1 Self-Assessment Consensus Assessments Initiative Questionnaires (CAIQ) annually, including self-assessments for IBM Cloud® Infrastructure (IaaS), IBM Cloud Platform (PaaS) and IBM Cloud Services (SaaS). A broad range of IBM VPC, PaaS and SaaS services have achieved CSA STAR Level 2 certification by an external third party audit firm.


The IBM Cloud services that achieved CSA STAR L2 certification by an external third party audit are listed in this document:

ISO 27001 / 27017 / 27018 / 27701 - IBM Enterprise & Technology Security (PaaS and SaaS) certified product listing (PDF, 594 KB)

Resources CSA STAR Registry

 The CSA STAR L1 listings and CSA STAR L2 certification can be found here

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs