SPONSORED BY LEAD GENERATION BEST PRACTICESFOR COLOCATION DATA CENTERS

5 Data Center Compliance Trends for

Non-Lawyer CEOs

Do you think that by handing over your systems and your data to a data center, you hand over

compliance issues too?

Sponsored by http://www.DataCenterLeadGen.com

While data center compliance is often a priority for the service provider, whether internal or

external to your organization, as a CEO you retain ultimate

responsibility for the IT assets of your organization, including its

information.Sponsored by http://www.DataCenterLeadGen.com

Certain trends in compliance could help you to steer clear of problems.

Sponsored by http://www.DataCenterLeadGen.com

1. Growing Use of SSAE 16Once upon a time, under the old

SAS 70 model, data centers simply declared that they were

fiscally compliant. This was useful for financial audits

and Sarbanes-Oxley compliance. Sponsored by http://www.DataCenterLeadGen.com

However, it gave no operational assurances about system:•Availability•Confidentiality•Confidentiality•Processing integrity or securityIn short, the so-called Trust Principles that an organization must also respect and uphold.

Sponsored by http://www.DataCenterLeadGen.com

The recent switch to SSAE 16 (Statement on Standards for

Attestation Engagements 16) now includes this in its SOC 2 (Service Organization Control 2) version.

Sponsored by http://www.DataCenterLeadGen.com

2. International Compliance

SSAE 16 is a US compliance standard. There are also

international standards for data center compliance, such as ISAE

3402, which is similar to SSAE 16.

Sponsored by http://www.DataCenterLeadGen.com

ISO 27001 is also internationally used, but the differences compared

to SSAE 16 are more marked.Nonetheless, they have a big point in common in their use in testing controls related to IT and security.

Sponsored by http://www.DataCenterLeadGen.com

3. Uptime Institute Tier CertificationUptime Institute is a consortium formed in 1993, whose goal is to maximize the effectiveness of data centers. It has defined data center “tier standards” as a way to classify availability in a facility. The range of certification is from Tier I (basic infrastructure) to Tier IV (full fault-tolerant site).

Sponsored by http://www.DataCenterLeadGen.com

Which one is right for your organization? You might want to

consult your CIO and, if you have one, your Chief Compliance Office – see

below.(Editor’s Note: The Uptime Institute

announced a few months back that it was overhauling its tier-based

certification program. )Sponsored by http://www.DataCenterLeadGen.com

4. Corporate IT GovernanceCorporate IT governance has been

growing over the last decade or two. As part of this governance, IT must

communicate to the business the technical and technological requirements for

compliance of data center operations, in a form that senior management can

understand.Sponsored by http://www.DataCenterLeadGen.com

Conversely, senior management must be aware of the particular requirements of the business to comply with the Trust Principles

above and drive IT to satisfy them. Typical business needs are the protection of

customer data and the assurance that business critical applications are always

running.Sponsored by http://www.DataCenterLeadGen.com

5. The Chief Compliance OfficerThe “In Focus: 2015 Compliance Trends Survey” from Deloitte shows that:• 53% of consumer and industrial products companies now have a Chief Compliance Officer, compared with 37% the year before.•On the other hand, only 29% think their compliance department’s IT systems can meet the compliance reporting requirements of the business. 

Sponsored by http://www.DataCenterLeadGen.com

In other words, CCOs may need to get their own IT systems in order, before they can reasonably investigate the

compliance of any data center used by their organization.

Sponsored by http://www.DataCenterLeadGen.com

The Bottom Line

CEOs will need to keep a watchful eye on compliance in the data center. This is true whether the data center is owned

by their organization or offered as a service by a third party. 

Sponsored by http://www.DataCenterLeadGen.com

Compliance standards, corporate IT governance and a Chief Compliance

Officer are all part of the support to help a CEO ensure appropriate action. At the end of the day, however, the buck stops

on the CEO’s desk!

Sponsored by http://www.DataCenterLeadGen.com

Which type of data center compliance is most important to your organization?

Sponsored by http://www.DataCenterLeadGen.com

Give us your point of view with a note in the Comments section below.

Sponsored by http://www.DataCenterLeadGen.com

Copyright © SP Home Run Inc. SP Home Run is a Registered Trademark of SP Home Run Inc. All Worldwide Rights Reserved.

Recommended Reading

Learn How Colocation Data Centers Can Create a Scalable, Data-Driven, Marketing and Sales Funnel That Powers Growth

Download Your Free Copy Now at http://www.DataCenterLeadGen.com