SPONSORED BY LEAD GENERATION BEST PRACTICES FOR COLOCATION DATA CENTERS
Are SSAE 16 Data Center Problems Impacting Customers?
The real problems in an SSAE 16 data center may be the ones you don’t see. The reason is that SSAE 16 compliance takes different forms, financial and operational.
Sponsored by http://www.DataCenterLeadGen.com
These two areas are different, and compliance in each one is not interchangeable with the other.
Where SSAE 16 Comes From
• SSAE 16, also called “Statement on Standards for Attestation Engagements 16,” was created by the Auditing Standards Board (part of the American Institute of Certified Public Accountants).
• It follows on from the earlier SAS (Statement on Auditing Standards) 70.
• In general, it defines how service companies report on compliance.
• For an SSAE 16 data center, it gives assurances to customers about standards adhered to by that data center.
The Key Differences between SSAE 16 SOC 1 and SOC 2
• Whether for data centers or other service organizations, SSAE exists in different versions.
• The ones most commonly used are SOC (Service Organization Controls) 1 and SOC 2.
• SOC 1 deals with internal controls over financial reporting. It is intended for customers’ financial statement audits, as were the preceding SAS 70 reports.
• It exists in two different sub-varieties: Type I and Type II.
• A Type I report is a report on policies and procedures concerning a specified point in time.
• A Type II report covers a period of time (a minimum of six consecutive calendar months).
• SOC 2 was specifically created for technology-related service organizations, including data centers, cloud computing, and SaaS (Software as a Service).
• It can also be Type I or Type II, and cover any number of the so-called Trust Services Principles: security, availability, processing integrity, confidentiality, and privacy.
Operational Assurances
For an objective measure of how well a data center provides an operational solution, the fullest report is the SSAE 16 SOC 2 Type 2. This is the guarantee that a data center will perform to expectations in areas such as:
• Security: protection of systems against unauthorized access, use, or change
• Availability: adherence to service level agreements for system operation and use
• Processing integrity: complete, accurate, authorized, timely, and valid system processing
• Confidentiality: data specified as confidential is protected to agreed levels
• Privacy: personal information is handled in conformity with the service organization’s privacy notice and with the Generally Accepted Privacy Principles (GAPP)
If a data center cannot satisfy customers on the Trust Services Principles that are important to them, then this is an issue. Whether or not real problems and damage occur, the risk alone already has an impact. It can prevent customers from fulfilling their own compliance obligations, or put their own business goals in jeopardy.
In the absence of a statement about SSAE 16 SOC 2 compliance, customers cannot tell if there will potentially be problems or not.
A data center that is audited and found to fall short on one or more of the Trust Services Principles cannot claim compliance with those principles.
However, it can work to improve its resources and processes to achieve audited compliance as an SSAE 16 data center afterward.
How do you rate SSAE 16 compliance compared to that of other standards, like ISO 27001?
Copyright © SP Home Run Inc. SP Home Run is a Registered Trademark of SP Home Run Inc. All Worldwide Rights Reserved.