CSA STAR Attestation Level 2 for SOC 2

Level-up your CSP SOC 2 attestation

As a cloud service provider (CSP), protecting sensitive data for your clients, employees, and third-party vendors is key to success. When you need the highest level of assurance that the data you manage is secure, it’s time to add the CSA STAR Level 2 attestation to your SOC 2 attestation.

BNN & CSA STAR Attestation
Cybersecurity Manager

Pawel Wilczynski


Pawel is a manager in BNN’s information systems and risk assurance practice, specializing in cybersecurity, risk, and IT systems assurance services.

Pawel Wilczynski headshot

Connect with us for a complimentary 30-minute consultation to learn if a CSA STAR attestation is right for you.

What attestation means for you

As more systems and data move to the cloud, the public registry of CSA STAR certified providers offers the highest level of assurance to customers by demonstrating a commitment to adhere to accepted security regulations, standards, and frameworks. CSA STAR is the only third-party audit and attestation program that recognizes these heightened assurance requirements and maturity levels of CSPs.

The process utilizes the SOC 2 attestation framework to assess how suitable the design and operating effectiveness of a CSP’s internal controls are. The CSA STAR attestation leverages the details of the SOC 2 Trust Services Criteria together with the CSA Cloud Controls Matrix to evaluate an organization’s controls

Organizations applying for their initial STAR attestation can obtain a Type 1 or Type 2 SOC 2.


BNN is a CSA Star Certified Auditor

BNN is a CSA Star Certified Auditor for SOC 2 attestationLEARN MORE ABOUT OUR APPROACH

Subscribe and stay up-to-date on recent risk assurance news and insights from BNN.

Additional Resources


  • Acts in concert with other accepted standards to provide constructive assessments of cloud security vulnerabilities and proposed remediation strategies at your organization
  • Offers assurance in your ability to deliver secure service
  • Implements a comprehensive framework for you to follow that aligns with cloud security industry expectations, and depending on AICPA guidance
  • Increases visibility of cloud assets to allow your management team to monitor the effectiveness of your systems
  • Provides industry benchmarks and performance indicators to measure your organization and controls against


We can help you enhance your SOC 2 compliance.