Top 5 SSAE 16 Problems Faced by Data Center CEOs (SlideShare)

SPONSORED BY LEAD GENERATION BEST PRACTICESFOR COLOCATION DATA CENTERS

Top 5 SSAE 16 Problems Faced by Data Center CEOs

Executives looking to expand their data centers, and improve the level of service they provide

their customers are also faced with the challenge of meeting the American Institute of CPA’s Statement on Standards for Attestation

Engagements (SSAE) 16 audit standards (SSAE) 16 audit standards.

Sponsored by http://www.DataCenterLeadGen.com

http://www.datacenterleadgen.com/

These SSAE Service Operations Controls (SOC’s) have three versions, and understanding which

control applies to you takes some research.



Here are five of the problems which data center CEOs are experiencing with meeting SSAE

requirements, and some resources of information you should find helpful in determining the services

and strategies you need to put in place for your managed services facilities.



1. The Costs of the ReportHaving an audit conducted of your data center to produce a report starts at around $15,000. When the CEO of a new hosting provider or colocation

facility tries to justify the cost of the report, against the potential loss of customers who require SSAE

compliance, it is tempting to just pursue other security and reliability standards. Costs are likely

to be in the $25,000 to $30,000 range.



It isn’t just the pure dollar cost of the report either. Whether or not SSAE 16 certification is required by law is uncertain. A lot of the information which is

published about the standard is written for lawyers, accountants, and consultants as opposed

to technology business executives.



Weighing the expense of having a specific report completed vs marketing to a target market that doesn’t require SSAE certification, or just turning

down the suggestion of the audit is an option which data centers need to consider.



2. Intentional Acts

Though most data center personnel is professional, reliable and morally astute, an audit may uncover

what seems to be a “Band-Aid” fix on a control which can drastically change the direction of the entire

audit.



One audit exposure is likely to intensify on every line item on the report, and the costs of remediating gaps might not be in the immediate operating

budget. There is also another (less strict) report which data center executives can consider called the

ISAE 3402.



These standards all have a similar PR company creating names for them, and it may take a number of reads of the acronyms to remember them, not to

mention the reports which they support.



3. Reports are Mandatory for Data Centers Serving Certain Industries

Data centers which manage information for these industries require SSAE 16 compliance:



•Financial services•Government•Healthcare•Extended public sectors such as schools and social services•Many regulated industries such as utilities, retail, and xSPs hosting e-commerce sites are under high security/audit scrutiny



If you are a data center which serves these industry segments, having the appropriate SOC/SSAE 16 report completed by your CPA is recommended.



4. Preparation for SSAE 16 Audits

Having the appropriate documents, personnel, and other resources is required for an SSAE investigation. There may be individuals on your staff who may be

required for delivery and management of your facility.



On a positive note, the CPA could provide your team with good insights on how their work, and following SSAE standards can help them be more effective at

their job, and to improve the operations of your service.



The documentation the auditor requires hopefully won’t be difficult to pull together, and you

company’s privacy is assured, as their report does not ship your documents to any third party

assessors. It never hurts to confirm this with the auditor, though, before they roll up their sleeves.



5. Many Options, Not All Seem Relevant

There are many combinations of SSAE 16, SOC 1, SOC 2, and SOC 3 which you can sign up for, and have audited. SSAE 16 SOC 1 is about financial

compliance, and not technology security, reliability and scalability.



So many data center CEOs may allow their existing accounting documents to stand for their financial audits, as opposed to having one done for their customer’s “satisfaction” or “peace of mind.”



Some reports may be done on SOC 1 and a data center might promote that it has been certified against SOC 2 or 3 without knowing

the specifics about those technical evaluations.



Unlike PCI DSS compliance, there isn’t a wealth of business-friendly websites from a central organization; you’ll find more data from 3rd

party auditors than the AICPA itself.



Have you contracted with a CPA to conduct a thorough review of your data center financials, personnel, and/or infrastructure technology? Have you had an SSAE audit completed, and

now wonder what the strategic value of it was?



Tell us about your experiences in the Comments section below!



Copyright © SP Home Run Inc. SP Home Run is a Registered Trademark of SP Home Run Inc. All Worldwide Rights Reserved.

Recommended Reading

Learn How Colocation Data Centers Can Create a Scalable, Data-Driven, Marketing and Sales Funnel That Powers Growth

Download Your Free Copy Now at http://www.DataCenterLeadGen.com



Technology

Top 5 SSAE 16 Problems Faced by Data Center CEOs (SlideShare)