Cloud Security Alliance Expands Star Provider Certification Into China

Guangzhou, CHINA, June 15, 2015 – The Cloud Security Alliance® (CSA) today announced the launch of CSA C-STAR Assessment, a technology-neutral assessment that leverages Chinese national standards to give customers a greater understanding of the security posture of cloud providers. Along with the launch, CSA announced that China-based Huawei and Bluedon, as well as Hong Kong-based Ribose are in the process of achieving C-STAR certification.

CSA C-STAR Assessment is the latest offering of the CSA’s Security, Trust and Assurance Registry (STAR) family, the world’s leading cloud provider assurance program. Joining CSA STAR’s self-assessment, ISO 27001 and SOC-2 products, C-STAR Assessment harmonizes CSA’s globally adopted cloud security framework with Chinese national standards, providing cloud providers and consumers with a trusted security benchmark. C-STAR’s independent assessment methodology establishes a robust security baseline for cloud providers and a roadmap for continuous improvement in security maturity.

“Organizations that outsource to cloud service providers often have a number of concerns about the security of their data and information,” said Aloysius Cheang, Managing Director of APAC for the Cloud Security Alliance. “By using the CSA C-STAR Assessment, cloud providers of every size, throughout the Greater China region, will be able to give customers a better understanding of their security management procedures.

We are pleased that leading cloud providers in the region are already achieving their certification, and look forward to expanding the number of certified providers in the coming months.”

The Managing Director of CEPREI, the Chinese national certification body, Mr. Zhao Guoxiang mentioned, ”CEPREI developed C-STAR based on CSA research results together with experience accumulated from more than 10 years of information security management work. As the first internationally aligned cloud security assessment in China, C-STAR is highly recognized by renowned corporations like Huawei, Bluedon and Ribose, and has gained nationwide attention in the cloud computing industry.”

Mainly used in the Greater China area, C-STAR is a rigorous third party independent assessment of the security management of a cloud service provider. C-STAR leverages the requirements of the GB/T 22080-2008 management system standard together with the CSA Cloud Controls Matrix. The C-STAR Assessment is based on GB/T 22080-2008 and the specified set of criteria outlined in the Cloud Controls Matrix, plus related requirements of GB/T 22239-2008 and GB/Z 28828-2012. C-STAR’s close alignment with the other STAR portfolio products provides a strong assurance bridge for Chinese cloud providers seeking to do business internationally and for international cloud providers seeking opportunities within China.

The Cloud Security Alliance C-STAR Assessment complies with all of the China national requirements and provides flexible solutions to senior management to show where the risks, threats and opportunities lie within a business.

For more information about the Cloud Security Alliance C-STAR Assessment, please visit