SPONSORED BY LEAD GENERATION BEST PRACTICESFOR COLOCATION DATA CENTERS

Are SSAE 16 Data Center Problems Impacting

Customers

The real problems in an SSAE 16 data center may be the

ones you don’t see. The reason is that SSAE 16 compliance takes different

forms, financial and operational.

Sponsored by http://www.DataCenterLeadGen.com

These two areas are different and compliance in

each one is not interchangeable with the

other.Sponsored by http://www.DataCenterLeadGen.com

Where SSAE 16 Comes From• SSAE 16, also called “Statement on Standards for Attestation Engagements 16,” was created by the Auditing Standards Board (part of the American Institute of Certified Public Accountants). • It follows on from the earlier SAS (Statement on Auditing Standards) 70.• In general, it defines how service companies report on compliance. • For an SSAE 16 data center, it gives assurances to customers about standards adhered to by that data center.Sponsored by

http://www.DataCenterLeadGen.com

The Key Differences between SSAE 16 SOC 1 and SOC 2

•Whether for data centers or other service organizations, SSAE exists in different versions. •The ones most commonly used are SOC (Service Organization Controls) 1 and SOC 2.

Sponsored by http://www.DataCenterLeadGen.com

The Key Differences between SSAE 16 SOC 1 and SOC 2

• SOC 1 deals with internal controls over financial reporting. It is destined for customers’ financial statement audits, as were the preceding SAS 70 reports. • It exists in two different sub-varieties: Type I and Type II. • A Type I report is a report on policies and procedures concerning a specified point in time. • A Type II report covers a period of time (a minimum of six consecutive calendar months.)Sponsored by

http://www.DataCenterLeadGen.com

The Key Differences between SSAE 16 SOC 1 and SOC 2

•SOC 2 was specifically created for technology-related service organizations, including data centers, cloud computing, and SaaS (Software as a Service). • It can also be Type I or Type II, and cover any number of the so-called Trust Services Principles: security, availability, processing integrity, confidentiality, and privacy.

Sponsored by http://www.DataCenterLeadGen.com

Operational AssurancesFor an objective measure of how well a data center provides an operational solution, the fullest report is the SSAE 16 SOC 2 Type 2. This is the guarantee that a data center will perform to expectations in areas such as:•Security: protection of systems against unauthorized access, use, or change•Availability: respect of service level agreements for system operation and use

Sponsored by http://www.DataCenterLeadGen.com

Operational AssurancesThis is the guarantee that a data center will perform to expectations in areas such as:•Processing integrity: complete, accurate, authorized, timely, and valid system processing•Confidentiality: data specified as confidential is protected to agreed levels•Privacy: personal information is handled in conformity with the service organization’s privacy notice and with the Generally Accepted Privacy Principles (GAPP)

Sponsored by http://www.DataCenterLeadGen.com

If a data center cannot satisfy customers on the Trust Services Principles that are important to

them, then this is an issue.Whether or not real problems and damage occur, the risk

alone already has an impact. Sponsored by http://www.DataCenterLeadGen.com

It can prevent customers from fulfilling their own compliance obligations, or put their own business goals in jeopardy.

In the absence of a statement about SSAE 16 SOC 2

compliance, customers cannot tell if there will potentially be

problems or not.Sponsored by http://www.DataCenterLeadGen.com

A data center that is audited and found to fall short on one or more of the Trust Services

Principles cannot claim compliance with those

principles.Sponsored by http://www.DataCenterLeadGen.com

However, it can work to improve its resources and

processes to achieve audited compliance as an SSAE 16

data center afterward.

Sponsored by http://www.DataCenterLeadGen.com

How do you rate SSAE 16 compliance compared to that of other standards, like ISO

27001?

Sponsored by http://www.DataCenterLeadGen.com

Give us your point of view in the space for

Comments below.

Sponsored by http://www.DataCenterLeadGen.com

Copyright © SP Home Run Inc. SP Home Run is a Registered Trademark of SP Home Run Inc. All Worldwide Rights Reserved.

Recommended Reading

Learn How Colocation Data Centers Can Create a Scalable, Data-Driven, Marketing and Sales Funnel That Powers Growth

Download Your Free Copy Now at http://www.DataCenterLeadGen.com