Assessing your organization's cloud services to the CSA Code of Conduct

The CSA has defined two approaches for adhering to its Code of Conduct:

  • A Self Assessment (Currently Available) and
  • Third party audit-based certification (Available Q4 2018)

The Code of Conduct Self Assessment consists of the voluntary publication, on a public registry (the CSA Security, Assurance and Transparency Registry, CSA STAR), of two documents, listed below.

The Self Assessment covers the compliance with the GDPR of the service(s) offered by a CSP. A submission fee of €1495 is required to facilitate the publication. After publication, the company receives authorized use of a Compliance Mark, valid for 1 year.

The Self Assessment shall be revised every time there is a change to the company policies or practices related to the service under assessment.

To submit your Code of Conduct Self Assessment, submit the following two documents through the CSA STAR Registry (https://cloudsecurityalliance.org/star/#_submit):

  • Self Assessment Statement of Adherence and
  • Self Assessment results based on the PLA Code of Practice (CoP) Template - Annex 1

The third-party certification, which will be available in Q4 2018, covers the same scope as the Self Assessment, but rather than being a self-attestation of adherence to the requirements of the Code (and consequently of the GDPR), it is based on a thorough audit performed by a qualified assessor. During the audit, the qualified assessor verifies the correct implementation of the CoP requirements and the accuracy of the information included in the CoP Template.

CSA Code of Conduct for GDPR Compliance - Resources

To promote transparency and assurance, organizations complying with the CSA Code of Conduct for GDPR Compliance can apply for an official trust mark.

CSA Code of Conduct for GDPR Compliance Trust Marks

CSA Code of Conduct for GDPR Compliance - Declared Mark

The “Declared” mark is given to services and/or providers that have completed the self-assessment process against the CSA Code of Conduct for GDPR Compliance requirements.

CSA Code of Conduct for GDPR Compliance - Certified Mark

The “Certified” mark is given to services and/or providers that provide evidence of compliance with the CSA Code of Conduct for GDPR Compliance requirements by means of third-party certification.