STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.
IT service management (ITSM) refers to the entirety of activities – directed by policies, organized and structured in processes and supporting procedures – that are performed by an organization or part of an organization to plan, deliver, operate and control IT services offered to customers.[1] It is thus concerned with the implementation of quality IT services that meet the needs of customers, and is performed by the IT service provider through an appropriate mix of people, process and information technology.
BS10012 is intended to enable organizations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection legislation and good practice.
An Information Security Management System (ISO/IEC27001) is a set of policies and procedures concerned with information or IT-related risks. The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, procedures and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk.
Business continuity management (BCM) is a framework for identifying an organization's risk of exposure to internal and external threats. Business Continuity Management (BCM) is defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities. (Source: ISO22301)