WhaTap's first certified CSA STAR in 2024! What is it really

WhaTap's first certified CSA STAR in 2024! What is it really?

WhaTap Labs was recently listed in the CSA. CSA stands for Cloud Security Alliance. In 2013, the British Standards Institution (British Standards Institution) launched a free and publicly accessible registration program called STAR (Security, Trust & Assurance Registry) to allow CPS to post CSA related assessments. It is an international standard cloud security certification granted by a cloud-related third party after reviewing a secure cloud environment based on objective criteria centered on security, trust, assurance, and risk (STAR).

CSA offers a total of 3 levels of certificates. Would you like to check out what levels are there?

Level 1: Self-Assessment

It can be selected by providers that want to efficiently improve the trust and transparency of security programs implemented by cloud services operating in a non-hazardous environment at the level that WhaTap Labs has acquired. Self-assessments document the security controls provided by various cloud computing services, and this document can be used as a reference for evaluating the security of cloud services currently in use or considering using. However, the self-evaluation will be revised in accordance with changes in the company's policy relating to the service to be evaluated. WhaTap Labs conducted the CSA START Level 1 Self-Assessment.

Level 1 includes the following types:

Security Self-Assessment (Security Self-Assessment)

A method of documenting CCM (Cloud Controls Matrix) compliance by submitting a CAIQ (Consensus Determinism Initiative Proposal). What is WhaTap Labs' CAIQ document CSA official siteYou can check it out at

GDPR Self-Assessment (GDPR Self-Assessment)

It covers GDPR compliance for cloud services and can be used for 1 year after the relevant documentation is published in CSA.

Level 2: Third-Party Audit

Cloud services operate in medium to high level environments, or providers that already have ISO 27001, SOC 2, GB/T 22090-2008, and GDPR can choose when looking for an efficient way to ensure cloud security and privacy.

There are the following types of level 2:

STAR proof (Attestation): for SOC 2

This is proof that CSA and AICPA work together to provide the guidance required for CPAs to implement SOC 2 agreements. It uses AICPA (Trust Service Principles, AT 101) and CSA Cloud Controls Matrix criteria and provides cloud service providers with independent third-party assessments.

STAR Certification (Certification): for ISO/IEC 27001

It is a certification based on a technology-neutral independent assessment by a third party that strictly conducts the cloud service provider's security system. It leverages the requirements of the ISO/IEC 27001 management system standard with the CSA Cloud Controls Matrix.

C-STAR: For the Greater China market

It is a certification where a strong third party independently assesses the security of cloud services for the Greater China market, taking into account CSA best practices and Chinese national standards. C-STAR, along with the CSA Cloud Controls Matrix, leverages the requirements of the GB/T 22080-2008 management system standard and 29 related controls selected from GB/T 22239-2008 and GB/Z 28828-2012.

Level 3: Continuous Auditing (Monitoring)

Since the CSA does not finalize the screening criteria and continues to define them, there is no certification that can clearly determine compliance. However, cloud service providers must design and operate programs to provide regular audits of items related to security and control of the services they provide, which can meet common audit requirements across multiple industries and workloads.

To obtain CSA STAR Level 1, you must complete CAIQ, a security self-assessment document. This document can be downloaded from the CSA STAR official website and is currently the latest version, v4.0.2, which was published on September 13, 2021.

You cannot change the order or format of the document; you can only modify columns C, D, E, and F. Columns C and D are mandatory, and columns E and F are optional; it is OK to enter only part of them.

The completed CAIQ document is posted on the CSA STAR Registry and can be viewed by anyone around the world. It must be written in English only and must be written accurately based on the self-assessment.

The creation of a CSA organization is required in order to submit this document. To create an organization, the following information is required, all of which must be written in English.

The names of organizations and cloud services that will be listed in the STAR registry
URLs for organizations and cloud services
Description of organizations and cloud services

Once the organization is registered and approved with this information, you can register for a self-assessment.

Once completed CAIQ documents are submitted, organizations and services are registered and published in CSA STAR.

Under normal circumstances, it will be published within 1 business day, but it may take up to 5 business days due to manual review of submitted CAIQ documents. Registered CSA STAR STAR REGISTRYYou can check it out at

In addition, WhaTap Labs has obtained ISO27001, 27017, and 27018, and also has domestic CSAP certification. WhaTap Labs will continue to do its best to create services that customers can use safely.

Table of contents