My IBM Log in
IBM Cloud® compliance: CSA STAR

IBM Cloud® compliance: CSA STAR

Illustration showing a person interacting with a computer interface, around which are a security shield and a globe on a pedestal

What is CSA STAR?

The Cloud Security Alliance (CSA) is an independent, nonprofit organization led by a broad coalition of industry practitioners and corporations and is dedicated to promoting security across cloud computing.

CSA is the creator of the Security, Trust, Assurance and Risk (STAR) registry, a public record that documents the security and privacy controls of cloud computing providers, to help customers select providers who handle data securely.

Organizations with a Level 1 CSA STAR certification have performed a rigorous self-assessment to verify their security and privacy controls are in compliance with two different standards—ISO 27001:2013 and the CSA's Cloud Controls Matrix (CCM) criteria.

IBM position

IBM position

IBM publishes its CSA STAR Level 1 Self-Assessment Consensus Assessments Initiative Questionnaires (CAIQ) annually, including self-assessments for IBM Cloud® Infrastructure (IaaS), IBM Cloud Platform (PaaS) and IBM Cloud Services (SaaS). A broad range of IBM VPC, PaaS and SaaS services have achieved CSA STAR Level 2 certification by an external third party audit firm.

Services

The IBM Cloud services that achieved CSA STAR L2 certification by an external third party audit are listed in this document:

ISO 27001 / 27017 / 27018 / 27701 - IBM Enterprise & Technology Security (PaaS and SaaS) certified product listing (PDF, 594 KB)

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs