CSA STAR at Exclaimer
CSA STAR (Security, Trust, Assurance and Risk) is a publicly accessible registry that documents cloud providers' security controls against the Cloud Controls Matrix. Exclaimer's cloud solution has been publicly listed in the CSA STAR Registry since July 2020. Anyone evaluating Exclaimer can download our completed CAIQ (Consensus Assessments Initiative Questionnaire), the standardized questionnaire cloud providers complete to document their security controls against the CCM framework, directly from the Cloud Security Alliance.
This means customers can independently verify Exclaimer's stated security controls through the public registry without requesting documentation directly.
This page covers what's in our submission and how to access it.
Exclaimer's CSA STAR Level 1 self-assessment
Exclaimer’s submission is a STAR Level 1 Self-Assessment. We complete the Cloud Security Alliance's standardized cloud security questionnaire (the CAIQ), publish our answers in the CSA STAR Registry, and renew the submission annually.
What are the details of Exclaimer's CSA STAR listing?
Attribute | Details |
|---|---|
Service in scope | Exclaimer Cloud |
Submission type | STAR Level 1 Self-Assessment |
Framework | Cloud Controls Matrix (CCM) v4 |
Listed since | 16 July 2020 |
Renewal cadence | Annual |
Trustmark | CSA Trusted Cloud Provider |
What does the CAIQ cover in Exclaimer's CSA STAR submission?
The Cloud Controls Matrix defines 197 control objectives across 17 domains. Our CAIQ documents how Exclaimer's cloud solution addresses each one.
Exclaimer’s CSA Trusted Cloud Provider status
Exclaimer carries the CSA Trusted Cloud Provider trustmark. CSA grants this trustmark to organizations that meet four conditions:
A current STAR Registry submission
Corporate membership with the Cloud Security Alliance
At least 20 hours of volunteer time contributed to CSA activities each year
A staff member who holds the Certificate of Cloud Security Knowledge (CCSK)
Exclaimer has been a CSA Corporate Member since 2021. This membership signifies our ongoing commitment to cloud security best practices beyond basic registry listing.
Is Exclaimer the only email signature provider in the CSA STAR Registry?
Yes, Exclaimer is the only dedicated email signature management provider publicly listed in the CSA STAR Registry, as of May 2026.
Access Exclaimer's CAIQ
Our completed CAIQ is hosted publicly in the CSA STAR Registry. You can download it directly from the Cloud Security Alliance without contacting Exclaimer, signing an NDA, or creating an account.
View Exclaimer's listing in the CSA STAR Registry →For wider security and compliance documentation, or to speak to our security team directly, visit the Exclaimer Trust Center.
Visit the Exclaimer Trust Center →Frequently asked questions about Exclaimer and CSA STAR
Exclaimer holds a STAR Level 1 Self-Assessment. At this level, the provider completes the Consensus Assessments Initiative Questionnaire (CAIQ) against the Cloud Controls Matrix and publishes the result in the public CSA STAR Registry.
The difference is independent audit. Level 1 is a public self-assessment: the provider answers the CAIQ against their own controls and publishes the result in the registry. Level 2 adds an accredited external auditor who assesses the provider against the Cloud Controls Matrix and issues either a STAR Attestation (aligned to SOC 2) or a STAR Certification (aligned to ISO/IEC 27001).
No. Level 1 is a self-assessment. Independent audit applies at Level 2.
The CAIQ covers Exclaimer Cloud's controls across all 17 domains of the Cloud Security Alliance's Cloud Controls Matrix (CCM) v4. The matrix defines 197 control objectives. Our completed questionnaire documents how Exclaimer's cloud solution addresses each one. The 17 domains are:
Audit and Assurance
Application and Interface Security
Business Continuity Management and Operational Resilience
Change Control and Configuration Management
Cryptography, Encryption, and Key Management
Datacenter Security
Data Security and Privacy
Governance, Risk Management, and Compliance
Human Resources Security
Identity and Access Management
Interoperability and Portability
Infrastructure and Virtualization Security
Logging and Monitoring
Security Incident Management, E-Discovery, and Cloud Forensics
Supply Chain Management, Transparency, and Accountability
Threat and Vulnerability Management
Universal Endpoint Management
We renew our CAIQ annually, in line with CSA's STAR Registry renewal cadence.
The CSA Trusted Cloud Provider trustmark is an additional designation given to CSA Corporate Members who maintain a current STAR Registry submission, contribute regular volunteer time to CSA activities, and employ CCSK-certified staff. Exclaimer has carried the trustmark since 2021.
Direct from the Exclaimer listing in the CSA STAR Registry. For wider security documentation, visit the Exclaimer Trust Center.
Talk to Exclaimer's security team
If your vendor review needs documentation or context that isn't covered here or in the CAIQ, our security team can walk you through specific controls, scope details, or any other questions on Exclaimer's CSA STAR submission.
Contact our security team →