Here is the honest situation. CSA STAR is how cloud providers demonstrate security assurance, from a CAIQ self-assessment on the public STAR Registry, to third-party STAR Certification against ISO 27001 or STAR Attestation against SOC 2, to continuous auditing. It runs on the Cloud Controls Matrix, seventeen domains from governance and IAM to cryptography, application security, resilience and supply chain, all under a shared responsibility model. Building those controls and evidencing every CAIQ answer is real work, and a provider whose CAIQ says yes but cannot show the evidence is exactly where cloud providers fall short.
This Kit removes that build. It is every STAR and Cloud Controls Matrix expectation written as an adopt-ready control you personalize in a weekend, with the evidence a STAR assessor examines.
What you get, the moment you buy
Grounded in the CSA STAR program and the Cloud Controls Matrix, with the CAIQ, the three assurance levels (self-assessment, certification/attestation, continuous auditing), the CCM domains and the shared responsibility model called out. Editable Word and Excel files.
What one control looks like
This is the STAR program, the CAIQ and the assurance levels, where STAR begins. All 36 are built to this depth.
Why this is not another template pack
- The evidence is the point. A control you cannot evidence fails an assessment and a customer's due diligence. This tells you what a STAR assessor examines and where providers fall short, for every control.
- The CCM domains and shared responsibility built in. The Cloud Controls Matrix domains and the shared responsibility model are written into the controls, so ownership between provider and customer is explicit.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. The CCM maps to ISO 27001, SOC 2 and other frameworks, so this work feeds your wider certification program.
Who buys this
Cloud service providers pursuing STAR, and the customers and security, compliance and cloud leads who own it. Whether it is a first CAIQ self-assessment or a push to certification, you save weeks and walk in with the CCM controls and evidence structured.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
What are the STAR levels? Level 1 self-assessment via CAIQ, Level 2 third-party certification or attestation, and continuous auditing. The kit supports all three.
Is it based on the Cloud Controls Matrix? Yes. The controls are grounded in the CCM domains and the CAIQ, with the shared responsibility model throughout.
Does it help toward ISO 27001 or SOC 2? Yes. STAR Certification builds on ISO 27001 and STAR Attestation on SOC 2, and the CCM maps across, so the work is reusable.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com