Click here to close now.




















Welcome!

News Feed Item

BrightLine to Provide CSA STAR Attestation

BrightLine First and Only Firm to Provide STAR Certification and STAR Attestation

TAMPA, FL--(Marketwired - July 29, 2014) - Today, the Cloud Security Alliance (CSA) and the American Institute of CPAs (AICPA) issued the guidelines for CPA's who plan on conducting Service Organization Controls (SOC) 2 engagements in conjunction with the CSA's Cloud Control Matrix (CCM). This new hybrid attestation standard is known as the CSA Security and Trust & Assurance Registry (STAR) Attestation. Along with that, the CSA website now includes a listing of approved firms for STAR Attestation, which includes BrightLine. In addition, BrightLine has also been approved to provide STAR Certification services to clients. 

Organizations that outsource services to cloud service providers (CSPs) have a number of concerns regarding the security of their data and information. In the last year, the CSA STAR program has been enhanced, and moved from a self-assessment process to a certification program including the STAR Certification which is closely aligned with the ISO 27001 standard and performed by an ISO certification body. The new STAR Attestation program was developed to create an alternative path to STAR Certification utilizing the AICPA SOC 2 framework. The assessments must be performed by a licensed CPA firm where professionals have attained the CCSA Certificate of Cloud Security Knowledge (CCSK).

"The type of assurance vehicles utilized by cloud providers have historically been driven by their customers' industry and/or geographic preferences. Some of BrightLine's clients undergo SOC examinations, some ISO certification, and many both," stated Doug Barbin, Principal and cloud security leader at BrightLine. "The STAR Attestation program allows providers who have traditionally looked to SOC 2 examinations to provide assurance to their customers the ability to enhance that assurance through an integration of the CCM control set."

A licensed CPA firm and early adopter of the CCSK certification, BrightLine performs hundreds of SOC 2 examinations for CSPs annually. As an ISO and CSA STAR approved certification body, BrightLine is also the only firm providing CSPs with the ability to pursue the STAR Attestation and/or STAR Certification.

The CSA STAR Program is designed to recognize the varying assurance requirements and maturity levels of providers and consumers, and is recognized by customers, providers, industries and governments around the world. Further information about CSA guidelines regarding STAR Attestation is available at the Cloud Security Alliance website.

TWEET THIS:
@brightlinecpas first and only CPA firm providing CSA STAR Certification and Attestation @cloudsa #CSASTAR

ABOUT BRIGHTLINE

BrightLine CPAs & Associates, Inc. is a global provider of assurance and compliance services. As the first and only firm in the world fully accredited to provide a suite of services that includes SSAE 16 (SOC 1) examinations, SOC 2 Examinations, PCI DSS compliance validation, ISO 27001 certification, FedRAMP authorization, CSA STAR Certification and Attestation, BrightLine offers clients the unique opportunity to achieve multiple compliance objectives through a single third party assessor. For further information, please visit www.BrightLine.com.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Learn what is going on, contribute to the discussions, and e...
To support developers and operations professionals in their push to implement DevOps principles for their infrastructure environments, ProfitBricks, a provider of cloud infrastructure, is adding support for DevOps tools Ansible and Chef. Ansible is a platform for configuring and managing data center infrastructure that combines multi-node software deployment, ad hoc task execution, and configuration management, and is used by DevOps professionals as they use its playbooks functionality to autom...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, discussed why containers should be paired with new architectural practices such as microservices rathe...
Containers are not new, but renewed commitments to performance, flexibility, and agility have propelled them to the top of the agenda today. By working without the need for virtualization and its overhead, containers are seen as the perfect way to deploy apps and services across multiple clouds. Containers can handle anything from file types to operating systems and services, including microservices. What are microservices? Unlike what the name implies, microservices are not necessarily small,...
ElasticBox, the agile application delivery manager, announced freely available public boxes for the DevOps community. ElasticBox works with enterprises to help them deploy any application to any cloud. Public boxes are curated reference boxes that represent some of the most popular applications and tools for orchestrating deployments at scale. Boxes are an adaptive way to represent reusable infrastructure as components of code. Boxes contain scripts, variables, and metadata to automate proces...
Puppet Labs is pleased to share the findings from our 2015 State of DevOps Survey. We have deepened our understanding of how DevOps enables IT performance and organizational performance, based on responses from more than 20,000 technical professionals we’ve surveyed over the past four years. The 2015 State of DevOps Report reveals high-performing IT organizations deploy 30x more frequently with 200x shorter lead times. They have 60x fewer failures and recover 168x faster
This Enterprise Strategy Group lab validation report of the NEC Express5800/R320 server with Intel® Xeon® processor presents the benefits of 99.999% uptime NEC fault-tolerant servers that lower overall virtualized server total cost of ownership. This report also includes survey data on the significant costs associated with system outages impacting enterprise and web applications. Click Here to Download Report Now!
It’s been proven time and time again that in tech, diversity drives greater innovation, better team productivity and greater profits and market share. So what can we do in our DevOps teams to embrace diversity and help transform the culture of development and operations into a true “DevOps” team? In her session at DevOps Summit, Stefana Muller, Director, Product Management – Continuous Delivery at CA Technologies, answered that question citing examples, showing how to create opportunities for ...
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Whether you like it or not, DevOps is on track for a remarkable alliance with security. The SEC didn’t approve the merger. And your boss hasn’t heard anything about it. Yet, this unruly triumvirate will soon dominate and deliver DevSecOps faster, cheaper, better, and on an unprecedented scale. In his session at DevOps Summit, Frank Bunger, VP of Customer Success at ScriptRock, will discuss how this cathartic moment will propel the DevOps movement from such stuff as dreams are made on to a prac...
The 3rd International WebRTC Summit, to be held Nov. 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 15th International Cloud Expo, 6th International Big Data Expo, 3rd International DevOps Summit and 2nd Internet of @ThingsExpo. WebRTC (Web-based Real-Time Com...
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of ...
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
In 2014, the market witnessed a massive migration to the cloud as enterprises finally overcame their fears of the cloud’s viability, security, etc. Over the past 18 months, AWS, Google and Microsoft have waged an ongoing battle through a wave of price cuts and new features. For IT executives, sorting through all the noise to make the best cloud investment decisions has become daunting. Enterprises can and are moving away from a "one size fits all" cloud approach. The new competitive field has ...