CSA STAR Attestation Level 2 for SOC 2
Level-up your CSP SOC 2 attestation
As a cloud service provider (CSP), protecting sensitive data for your clients, employees, and third-party vendors is key to success. When you need the highest level of assurance that the data you manage is secure, it’s time to add the CSA STAR Level 2 attestation to your SOC 2 attestation.
Pawel Wilczynski
Manager
Pawel is a manager in BNN’s information systems and risk assurance practice, specializing in cybersecurity, risk, and IT systems assurance services.

Connect with us for a complimentary 30-minute consultation to learn if a CSA STAR attestation is right for you.
What attestation means for you
As more systems and data move to the cloud, the public registry of CSA STAR certified providers offers the highest level of assurance to customers by demonstrating a commitment to adhere to accepted security regulations, standards, and frameworks. CSA STAR is the only third-party audit and attestation program that recognizes these heightened assurance requirements and maturity levels of CSPs.
The process utilizes the SOC 2 attestation framework to assess how suitable the design and operating effectiveness of a CSP’s internal controls are. The CSA STAR attestation leverages the details of the SOC 2 Trust Services Criteria together with the CSA Cloud Controls Matrix to evaluate an organization’s controls
Organizations applying for their initial STAR attestation can obtain a Type 1 or Type 2 SOC 2.
BNN is a CSA Star Certified Auditor
Subscribe and stay up-to-date on recent risk assurance news and insights from BNN.
Additional Resources
- NIST Cybersecurity Framework
- Verzion 2022 Data Breach Investigations Report
- CSA STAR from Cloud Security Alliance
- Our BNN team holds several specialized certifications to enhance our service capabilities and additional resources for clients. You can see all certifications held by our professionals in our team directory.
Why CSA STAR?
- Acts in concert with other accepted standards to provide constructive assessments of cloud security vulnerabilities and proposed remediation strategies at your organization
- Offers assurance in your ability to deliver secure service
- Implements a comprehensive framework for you to follow that aligns with cloud security industry expectations, and depending on AICPA guidance
- Increases visibility of cloud assets to allow your management team to monitor the effectiveness of your systems
- Provides industry benchmarks and performance indicators to measure your organization and controls against
What Our Clients Are Saying
We have experienced an excellent business partnership with professionals that are both
knowledgeable and pleasant to work with.Chief Financial Officer, Copyright Clearance Center, Inc.