Over the past 12 months, we have worked very intensively on updating the StarAudit Catalogue and amending it with controls in connection with the GDPR. It has been a long journey to which many people actively made important contributions, and a number of small corrections were made as well.
New Control Catalogue
The 4th version of the Control Catalogue is now finally ready. The core improvement in the new version is the introduction of a new control area, namely Area 07 “Data Protection”. The existing control areas, especially Area 03, were also evaluated in terms of their coherency with the new area and adapted accordingly.
New GDPR Area
The new Area 7 features nearly 30 new controls addressing the requirements for cloud providers under the European General Data Protection Regulation. It does not represent a GDPR certificate (for data processors), however; rather, it is intended as a suitable and comprehensive list of requirements that a data controller (i.e. the cloud service customer) can expect from its data processor (i.e. the cloud service provider).
Download & Availability
The new StarAudit Catalogue is available for download in the Publications section of the StarAudit website.
Integration into the Assessment Tool
The 4th version of the Catalogue has been fully integrated into the StarAudit Assessment Tool as well. In order to use the latest StarAudit Catalogue, you need to create a new or edit an existing project in the Assessment Tool, select "Structure", add a new Assessment and select the associated template for v4.0. After saving the structure, you will be able to navigate through all the areas and controls.
The 4th version of the Catalogue has now become the standard to achieve a StarAudit Certificate.