The CSA STAR Certification is based on criteria outlined in the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) in addition to ISO/IEC 27001 implementation. ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The CSA STAR Certification is a third-party independent assessment of the security of a cloud service provider, which demonstrates the alignment of the provider’s ISMS with the CCM best practices. The CSA STAR Certification has three levels: Level 1 (STAR Certification), Level 2 (STAR Attestation), and Level 3 (STAR Continuous Monitoring).1 [2][2] References := CCAK Study Guide, Chapter 5: Cloud Auditing, page 971; CSA STAR Certification, Overview[2][2]