The 4th version of the StarAudit Catalogue has been released

05.06.2019

We've introduced a new Area focused on GDPR and several enhancements to existing controls as part of this major update.

Over the past 12 months, we have worked very intensively on updating the StarAudit Catalogue and amending it with controls in connection with the GDPR. It has been a long journey to which many people actively made important contributions, and a number of small corrections were made as well.

New Control Catalogue

The 4th version of the Control Catalogue is now finally ready. The core improvement in the new version is the introduction of a new control area, namely Area 07 “Data Protection”. The existing control areas, especially Area 03were also evaluated in terms of their coherency with the new area and adapted accordingly.

New GDPR Area

The new Area 7 features nearly 30 new controls addressing the requirements for cloud providers under the European General Data Protection Regulation. It does not represent a GDPR certificate (for data processors), however; rather, it is intended as a suitable and comprehensive list of requirements that a data controller (i.e. the cloud service customer) can expect from its data processor (i.e. the cloud service provider). Area 7 is obligatory for level 5star and optional for 3star and 4star until the end of 2019. With 2020 the Area 7 will be obligatory for all levels.

Download & Availability

The new StarAudit Catalogue is available for download in the Publications section of the StarAudit website.

Integration into the Assessment Tool

The 4th version of the Catalogue has been fully integrated into the StarAudit Assessment Tool as well. In order to use the latest StarAudit Catalogue, you need to create a new or edit an existing project in the Assessment Tool, select "Structure", add a new Assessment and select the associated template for v4.0. After saving the structure, you will be able to navigate through all the areas and controls.

The 4th version of the Catalogue has now become the standard to achieve a StarAudit Certificate.

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.