Regulatory Compliance, Certifications & Attestations
Cloudstar’s cyber security, data center, and operational controls help our customers meet a wide variety of regulatory requirements.
All compliance examinations and attestations are conducted by A-LIGN one of the only companies in the world that is a licensed CPA firm, Qualified Security Assessor Company (QSAC), accredited ISO 27001 certification body, certified HITRUST Assessor firm, and accredited FedRAMP 3PAO.
SOC 2 Type 2
SOC attestation standards are issued by the American Institute of Certified Public Accountants (AICPA). The SSAE-18 SOC 2 report is intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy.
This report requires specific alignment with the relevant principles and provides valuable 3rd-party validation that the company is meeting all the criteria contained in the relevant principles.
Cloudstar’s SSAE-18 SOC 2 Type 2 and SOC 3 reports are inclusive of the SysTrust and WebTrust frameworks and may be provided to customers upon written request.
To help our customers with compliance and reporting, Cloudstar shares certain information about our operations, procedures, and controls as they pertain to both company operations, systems and data centers. The SOC 3 attestation standards are issued by the American Institute of Certified Public Accountants (AICPA). The SOC 3 is publicly available for download and review.
Delivering a Higher Level of Assurance
SysTrust uses several criteria as the basis for performing the SysTrust evaluation:
- Security. Ensures systems are safe from all forms of unauthorized access, whether internal or external or physical or intellectual. Procedures are audited to ensure platforms are continually monitored the latest and most effective safety measures.
- Availability. Ensures systems remain available and operation in accordance to commitments and service legal agreements.
- Processing Integrity. Ensures system processing and operations are complete, accurate, timely, and properly authorized.
- Confidentiality. Ensures documented procedures are in place, followed, tested and audited to ensure customer data confidentiality.
- Privacy. Ensures documented procedures are in place, followed, tested and audited, to ensure data privacy
WebTrust criteria bring to focus to the following three pieces of information:
- Integrity. Procedures to provide the best and most consistent system processing, making sure each transactions are complete, accurate, timely, and authorized.
- Security. Procedures, methods and protocols to ensure systems are kept system safe by following the most current security trends to guard against any potential threats. to your business’s system against various threats.
- Availability. Procedures, methods and protocols so as to ensure up-time and availability of both the company operations and information systems.
Cloudstar Data Center Attestations
Cloudstar data centers have achieved the International Organization for Standardization certification (ISO 27001) covering both corporate policies and procedures, and data center operations. The ISO/IEC 27001:2013 certification is one of the most stringent certifications for information security controls, and confirms the information security controls and other forms of risk treatment are in place to detect and defend against potential data system vulnerabilities.
Each year, a Quality Service Assessor (QSA) completes an external assessment to validate our data centers’ compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) as a “Level 1” service provider. The scope of the assessment includes physical security and related policies at our data center facilities.
The PCI DSS is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes.
Each year, an independent Third Party Assessment Organization (3PAO) firm completes an external assessment to validate our data ceners’ strict adherence to the National Institute of Standards and Technology Publication Series 800-53 (NIST 800-53) high-impact baseline controls and additional Federal Risk and Authorization Management Program (FedRAMP) requirements. The scope of the assessment includes a subset of control families applicable to colocation services at our data center facilities. The utilization of the high-impact baseline controls for NIST 800-53 reflects the commitment of our data center partners to successfully deliver the most rigorous compliance standards in support of the Federal Information Security Management Act (FISMA) and FedRAMP compliance efforts.
NIST 800-53 is a publication that recommends security controls for federal information systems and organizations. NIST 800-53 is published by the National Institute of Standards and Technology which creates and promotes the standards used by federal agencies to implement FISMA and manage other programs designed to protect information and promote information security..