Which standard does Level Two of the CSA STAR involve?

Level Two of the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) involves the ISO 27001:2013 standard for security management systems. This particular standard outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It serves as a framework that organizations can follow to manage their information security risks effectively.

By achieving Level Two compliance under CSA STAR, organizations demonstrate that they have not only adopted best practices for cloud security as detailed in the CSA best practices but also undergone an independent third-party audit to verify their implementation of ISO 27001:2013 standards. This adds an additional layer of assurance regarding the organizational maturity in handling security within cloud environments.

Standards such as ISO 27001:2005, ISO 9001:2015, and ISO 31000:2018 do not align with the requirements outlined for CSA STAR Level Two, as they pertain to different areas of information security management, quality management systems, and risk management frameworks, respectively.