Shifting to Software-Defined
Showing results for 
Search instead for 
Did you mean: 

HP receives new CSA STAR Certification in the UK by BSI—it’s a first!


Author: Gursharan Virdi, UK&I ISO27001 Programme Manager (See Below)


Being a major cloud service provider, we fully understood the importance of achieving CSA STAR Certification. It is a major acomplishment for HP which was achieved through dedication and hard work by both the UK&I ISO27001 Project and UK PS Account ECS-G teams. This certification provides further assurance to our UK Government customers that we have gone the additional mile to differentiate our cloud offering from that of our peers



Figure 1 - Howard Kerr (Chief Executive, BSI) congratulating Gursharan Virdi and Siddiq Ravat (HP UK&I
ISO27001 Project team)



Figure 2 – Siddiq Ravat and Gursharan Virdi with Howard Kerr


Why are we so excited about this certification?

Since early 2013 BSI and HP UKPS (HP’s public sector arm) have been working together to take HP’s new Enterprise Cloud Services for Government (ECS-G) through the ISO/IEC 27001 Certification process. The award of ISO/IEC 27001 is a key indicator of process maturity and a necessary step toward security accreditation for ECS-G. While working through this project the BSI and HP teams agreed that ECS-G should also be used to pilot the new Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) as part of the CSA Security, Trust and Registration (STAR) initiative.


The CSA CCM was specifically designed to provide fundamental security principles to guide cloud service providers like HP and to help their prospective customers in assessing the security risks of a cloud service provider. The CSA STAR Certification includes rigorous independent assessment by BSI of the security of HP’s UKPS ECS-G cloud service.



Beginning in July 2012, BSI supported HP with the ISO/IEC 27001 certification of the company’s UKPS ECS-G cloud services. This continuous engagement included numerous face-to-face meetings and several joint cloud workshops to understand the CCM framework in readiness for the combined BSI audit conducted in October 2013. In addition, BSI carried out a two-day pre-assessment in early August 2013 to validate HP’s approach and progress toward fulfilling the requirements of the audit.


BSI visited several HP UKPS ECS-G delivery sites to perform the combined audit for Stage 2 ISO/IEC 27001 and CSA STAR Certification. At the end of the rigorous five-day audit, we learned that we had successfully achieved ISO/IEC 27001 certification for our ECS-G cloud services, with no non-conformities being raised. We were also awarded the CSA STAR Certification and our maturity was assessed at the Silver Level. We are the first large CSP to achieve this milestone in the UK.


We plan to build on this experience and bring other variants of our cloud service offering to the same level of expertise and maturity. With respect to the UKPS ECS-G cloud services, we will be continually working with BSI to ensure we maintain this certification and improve the maturity levels we achieved providing further assurance to its UK Government clients.


John Mullin, HP UKPS Portfolio Lead for Cloud, sums up, “I am delighted that we have been able to work with the BSI to pilot the CSA STAR Certification Scheme and that HP is one of the first UK CSP’s to achieve this status. Delivered from award winning data centres in the UK, the ECS-G range of secure cloud services will enable Public Sector customers to consume cloud services flexibly while benefitting from the quality of supply for which HP is renowned.”


Customer Objectives

  • Demonstrate cloud security
  • Reassure public sector customers
  • Differentiate service offering
  • Raise the bar for the industry
  • Underpin future growth


Customer Benefits

  • Improved cloud security measures
  • Strong customer reassurance
  • Visible best practice
  • Industry leadership
  • Competitive advantage



These are the strategic and operational benefits of CSA STAR Certification to HP, underpinning our future growth strategy for cloud computing:

  • Sets a new standard for cloud security in the industry.
  • Creates visibility, so that senior management can evaluate the effectiveness of its management system for cloud services in relation to expectations of the international standard and the cloud security industry.
  • Allows a tailored audit to be implemented that will reflect how HP’s security goals are aimed at optimizing its cloud services.
  • Offers an independently validated award from BSI to benchmark HP’s performance against peers and to demonstrate continual progress and improvement in HP’s cloud services.
  • Makes information available that allows HP to understand its current security status and identify any improvements required, resulting in new service improvement programmes where these are required.
  • Provides HP with a view of the status of the business and highlights the strengths and weaknesses of cloud services, allowing HP to maximize resources, improve operational efficiencies and reduce costs.
  • Gives independent reassurance to senior management on where the risks, threats and opportunities lie within HP’s cloud service offering.



The UK&I ISO27001 Project team (Gursharan Virdi, Siddiq Ravat, Richard Selby and Vivek Sajip) have become the first four people in the UK to pass the new Advanced Cloud Security Auditing for STAR Certification Course provided by BSI Training. These four HP staff are now the only qualified people in the UK (outside of BSI) to hold this qualification. This further demonstrates the commitment that HP has in developing the expertise to support a win-win strategy for cloud computing.




More information on the STAR Certification can be found at the following links:


More information on the CSA can be found at the following link:


More information on BSI can be found at the following link:





Gursharan Virdi – He is the UK&I ISO27001 Programme Lead within the EMEA Quality and Process Improvement (QPI) organisation and a highly qualified Managed Security Service Professional with 20 years of experience in IT Security Management. Previously held senior IT management roles with Logica, Siemens Business Services, EDS and now HP.

Senior Manager, Cloud Online Marketing
0 Kudos
About the Author


I manage the HPE Helion social media and website teams promoting the enterprise cloud solutions at HPE for hybrid, public, and private clouds. I was previously at Dell promoting their Cloud solutions and was the open source community manager for OpenStack and at Rackspace and Citrix Systems. While at Citrix Systems, I founded the Citrix Developer Network, developed global alliance and licensing programs, and even once added audio to the DOS ICA client with assembler. Follow me at @SpectorID