5 data center compliance trends for non-lawyer ceos (slideshare)
TRANSCRIPT
SPONSORED BY LEAD GENERATION BEST PRACTICES FOR COLOCATION DATA CENTERS
5 Data Center Compliance Trends for
Non-Lawyer CEOs
Do you think that by handing over your systems and your data to a data center, you hand over
compliance issues too?
Sponsored by http://www.DataCenterLeadGen.com
While data center compliance is often a priority for the service provider, whether internal or
external to your organization, as a CEO you retain ultimate
responsibility for the IT assets of your organization, including its
information.
Certain trends in compliance could help you to steer clear of problems.
1. Growing Use of SSAE 16
Once upon a time, under the old SAS 70 model, data centers simply declared that they were
fiscally compliant. This was useful for financial audits and Sarbanes-Oxley compliance.
However, it gave no operational assurances about system:
• Availability
• Confidentiality
• Processing integrity or security
In short, these are the so-called Trust Principles that an organization must also respect and uphold.
The recent switch to SSAE 16 (Statement on Standards for
Attestation Engagements 16) now includes this in its SOC 2 (Service Organization Control 2) version.
2. International Compliance
SSAE 16 is a US compliance standard. There are also
international standards for data center compliance, such as ISAE
3402, which is similar to SSAE 16.
ISO 27001 is also internationally used, but the differences compared
to SSAE 16 are more marked. Nonetheless, they have a big point in common in their use in testing controls related to IT and security.
3. Uptime Institute Tier Certification
Uptime Institute is a consortium formed in 1993, whose goal is to maximize the effectiveness of data centers. It has defined data center “tier standards” as a way to classify availability in a facility. The range of certification is from Tier I (basic infrastructure) to Tier IV (full fault-tolerant site).
Which one is right for your organization? You might want to
consult your CIO and, if you have one, your Chief Compliance Officer – see
below.
(Editor’s Note: The Uptime Institute announced a few months back that it was overhauling its tier-based
certification program.)
4. Corporate IT Governance
Corporate IT governance has been growing over the last decade or two. As part of this governance, IT must
communicate to the business the technical and technological requirements for
compliance of data center operations, in a form that senior management can
understand.
Conversely, senior management must be aware of the particular requirements of the business to comply with the Trust Principles
above and drive IT to satisfy them. Typical business needs are the protection of
customer data and the assurance that business critical applications are always
running.
5. The Chief Compliance Officer
The “In Focus: 2015 Compliance Trends Survey” from Deloitte shows that:
• 53% of consumer and industrial products companies now have a Chief Compliance Officer, compared with 37% the year before.
• On the other hand, only 29% think their compliance department’s IT systems can meet the compliance reporting requirements of the business.
In other words, CCOs may need to get their own IT systems in order, before they can reasonably investigate the
compliance of any data center used by their organization.
The Bottom Line
CEOs will need to keep a watchful eye on compliance in the data center. This is true whether the data center is owned
by their organization or offered as a service by a third party.
Compliance standards, corporate IT governance and a Chief Compliance
Officer are all part of the support to help a CEO ensure appropriate action. At the end of the day, however, the buck stops
on the CEO’s desk!
Which type of data center compliance is most important to your organization?
Give us your point of view with a note in the Comments section below.
Copyright © SP Home Run Inc. SP Home Run is a Registered Trademark of SP Home Run Inc. All Worldwide Rights Reserved.