StarAudit of EuroCloud Europe wants to build trust between cloud providers and users with its certification program. Since its foundation, Andreas Weiss has been Director of EuroCloud Deutschland_eco e. V. and played a major role in the development of the StarAudit. In this interview, Andreas Weiss elaborates on details of the multi-level program.
Why should people get training on the StarAudit?
The StarAudit program addresses a rather broad target group with different functions. This includes IT workers as users (i.e. to classify cloud services) and providers (i.e. to carry out a GAP analysis of their own products).
In addition, there are also employees from the procurement, sales and legal departments to deal with cloud tenders and cloud SLA management. The IT staff also receive a model process for evaluating and selecting cloud services for their customers.
Beyond that, certification partners carry out StarAudit certifications as an auditor after the evaluation and contractual agreement.
Ambassadors, Foundation Experts, and Professionals: How do these training levels differ from each other?
Ambassadors are people who know the range of StarAudit services and mediate between interested parties and providers of StarAudit services - i.e. consulting, training and certification.
Foundation then goes deeper into the content level and StarAudit test areas. It also requires an understanding of the quality statements of the audits ranging from three to five stars, and the specifications for security, data protection, data center, processes and applications, according to the respective contract.
The professional level is applicable when all control requirements with respect to the objectives are known and you have in-depth knowledge of the catalog and the tools.
For whom is which training level suitable?
An Ambassador is more like a stakeholder in companies, associations, and organizations who seeks to raise awareness of the proper use of cloud services and to highlight opportunities for quality assurance.
Foundation provides departmental or divisional heads with an insight into the links to other departments. When it comes, for example, to the implementation of technical and organizational measures (i.e. for the IT department), the measures need to be set out in contracts, and need to harmonize with regulations – in short, they need to be legal in their design. The GDPR is a very good example, but also e-Privacy and e-Evidence will have an impact in the future. However, it mainly concerns people from procurement departments, who ultimately have to bring all requirements of the different departments together.
Professionals are the ones who take care of the implementation and management in the areas of compliance and legal and technical operations. Again, it is also important to maintain an overview and, for example, to gain an understanding of legal requirements, even if you are not a lawyer.
What about further training – if desired?
Ideally, these competencies will be developed during the different training levels and applied in the respective contexts. The qualification is assessed by the
on the basis of an online test and successful participants will receive a certificate. Anyone interested in becoming active as a coach, consultant, or auditor within the scope of the implementation program can join the StarAudit Community. There are agreements that can be requested via the StarAudit website.
We offer special conditions for eco member companies, as well as free codes for obtaining the catalogue documents and the report generation in the assessment tool.