What You Need to Know About Changes to the STAR Program

May 9, 2017 Debbie Zaller

The CSA recently announced that the STAR Program will now allow a one-time, first-year only, Type 1 STAR Attestation report. What is a Type 1 versus Type 2 examination and what are the benefits for starting with a Type 1 examination?

Type 1 versus Type 2

There are two types of System and Organization Control (SOC) 2 reports, Type 1 and Type 2. Both types of reports examine a service organization’s internal controls relating to one or more of the American Institute of CPAs’ (AICPA) Trust Services Principles and Criteria, as well as the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM). Both reports include an examination on the service organization’s description of its system.

Continue reading the full featured article in April's edition of CSA.org >

About the Author

Debbie Zaller

Debbie Zaller is a Principal at Schellman & Company,LLC. Debbie leads the SOC 2 and SOC 3 service line and is also an AICPA SOC Specialist. Debbie has over 15 years of IT attestation experience and currently spearheads Schellman’s SOC 2 practice, where she is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee.

More Content by Debbie Zaller
Previous Article
A Management System for the Cloud – Why Your Organization Should Consider ISO 27018
A Management System for the Cloud – Why Your Organization Should Consider ISO 27018

Cloud computing technologies have revolutionized the way organizations manage and store their in...

Next Article
Financial Services - Is there a SOC 1 in your future?
Financial Services - Is there a SOC 1 in your future?

Why would a financial services company need a SOC 1?

×



Subscribe now
to receive content updates once a week

First Name
!
Success
Error - something went wrong!