Freely subscribe to our NEWSLETTER

Ribose is the first and only cloud service provider worldwide that has successfully completed a Service Organization Control (SOC) 2 assessment using criteria from the American Institute of Certified Public Accountants (AICPA) Trust Service Principles and the CSA Cloud Controls Matrix 3.01, according to AICPA’s Attest Engagement AT Section 101.

“Transparency has always been a significant part of the CSA’s mission and, in doing so, we are constantly strengthening our guidelines and standards to help providers give their customers confidence and assurance when it comes to cloud computing,” said Jim Reavis, CEO of the CSA. “Since its introduction, the CSA STAR program has played a critical role to encourage transparency of security practices within cloud providers. We would like to congratulate Ribose on this achievement and their commitment to providing a safe, secure collaboration platform. We would also like to recognize EY for performing the assessment and staying on the leading edge of cloud security best practices for its clients.”

CSA STAR is the industry’s most powerful program for assurance in the cloud and encompasses key principles of transparency, rigorous auditing, harmonization of standards, and eventually continuous monitoring. As the first step in improving transparency, it is designed to recognize the varying assurance requirements and maturity levels of providers and consumers. It is used by customers, providers, industries and governments around the world to assess the security of the cloud providers they currently use or are considering contracting with. STAR consists of three levels of assurance, CSA STAR Self-Assessment, CSA STAR Certification and Attestation, and CSA STAR Continuous Monitoring. All offerings are based upon the CSA’s succinct, yet comprehensive list of cloud-centric control objectives in the CCM. CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations.

Vincent Chan, EY’s Advisory Services Leader, Hong Kong & Macau, says: “EY is proud to be the first firm globally to achieve the CSA STAR Attestation for a client, Ribose. The recognition is significant as we continue to build our expertise around helping cloud service providers (CSPs) prepare for and obtain cloud certifications, and help companies get ready to move into the cloud.”

Ronald Tse, founder of Ribose, and member of the CSA’s International Standardization Council, says: “STAR Attestation provides cloud customers with an unparalleled level of assurance and verified transparency. This is the strongest cloud compliance scheme available to date – combining the depth of AICPA’s SOC engagements with the comprehensive cloud security coverage of the CCM. We consider this the most powerful way to convince customers: by showing an attestation report issued by an international auditing firm, fully listing all the organization’s controls with their design and operational effectiveness described in detail, covering all criteria of TSP 100 and CCM 3.0.1.”

Tse continues on to say, “Ribose has always been a strong supporter of CSA initiatives. We were the first CSP to adopt and achieve STAR Certification to the newly released CCM 3.0 and 3.0.1 standards through BSI, and now the first CSP globally to achieve STAR Attestation through EY. We look forward to working with CSA in building an increasingly secure and responsible cloud industry.”

The CSA has seen tremendous growth in STAR, with more than 90 entries from major cloud players around the world, including Alibaba, Amazon Web Services, Box.com, Dropbox, HP, Microsoft, Red Hat, Telecom Italia and Terremark. These cloud providers recognize the need to provide transparency and assurance of their cloud services to corporations and end users, who are increasingly requesting visibility into the security controls provided by various cloud computing offerings. The CSA STAR is open to all cloud providers.