Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
Download as PPTX, PDF1 like121 views
The document discusses SSAE 16 compliance for data centers, highlighting its significance in providing operational and financial assurances to customers. It outlines the differences between SSAE 16 SOC 1 and SOC 2, with SOC 2 tailored for technology-related organizations, covering key trust service principles like security and confidentiality. The importance of transparency in compliance is emphasized, as failure to meet these principles can negatively impact customer trust and compliance obligations.
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
- 1. SPONSORED BY LEAD GENERATION BEST PRACTICES FOR COLOCATION DATA CENTERS Are SSAE 16 Data Center Problems Impacting Customers
- 2. The real problems in an SSAE 16 data center may be the ones you don’t see. The reason is that SSAE 16 compliance takes different forms, financial and operational. Sponsored by http://www.DataCenterLeadGen.com
- 3. These two areas are different and compliance in each one is not interchangeable with the other. Sponsored by http://www.DataCenterLeadGen.com
- 4. Where SSAE 16 Comes From • SSAE 16, also called “Statement on Standards for Attestation Engagements 16,” was created by the Auditing Standards Board (part of the American Institute of Certified Public Accountants). • It follows on from the earlier SAS (Statement on Auditing Standards) 70. • In general, it defines how service companies report on compliance. • For an SSAE 16 data center, it gives assurances to customers about standards adhered to by that data center. Sponsored by http://www.DataCenterLeadGen.com
- 5. The Key Differences between SSAE 16 SOC 1 and SOC 2 •Whether for data centers or other service organizations, SSAE exists in different versions. •The ones most commonly used are SOC (Service Organization Controls) 1 and SOC 2. Sponsored by http://www.DataCenterLeadGen.com
- 6. The Key Differences between SSAE 16 SOC 1 and SOC 2 • SOC 1 deals with internal controls over financial reporting. It is destined for customers’ financial statement audits, as were the preceding SAS 70 reports. • It exists in two different sub-varieties:Type I andType II. • AType I report is a report on policies and procedures concerning a specified point in time. • AType II report covers a period of time (a minimum of six consecutive calendar months.) Sponsored by http://www.DataCenterLeadGen.com
- 7. The Key Differences between SSAE 16 SOC 1 and SOC 2 •SOC 2 was specifically created for technology-related service organizations, including data centers, cloud computing, and SaaS (Software as a Service). •It can also beType I orType II, and cover any number of the so-calledTrust Services Principles: security, availability, processing integrity, confidentiality, and privacy. Sponsored by http://www.DataCenterLeadGen.com
- 8. Operational Assurances For an objective measure of how well a data center provides an operational solution, the fullest report is the SSAE 16 SOC 2Type 2. This is the guarantee that a data center will perform to expectations in areas such as: • Security: protection of systems against unauthorized access, use, or change • Availability: respect of service level agreements for system operation and use Sponsored by http://www.DataCenterLeadGen.com
- 9. Operational Assurances This is the guarantee that a data center will perform to expectations in areas such as: • Processing integrity: complete, accurate, authorized, timely, and valid system processing • Confidentiality: data specified as confidential is protected to agreed levels • Privacy: personal information is handled in conformity with the service organization’s privacy notice and with the GenerallyAccepted Privacy Principles (GAPP) Sponsored by http://www.DataCenterLeadGen.com
- 10. If a data center cannot satisfy customers on theTrust Services Principles that are important to them, then this is an issue. Whether or not real problems and damage occur, the risk alone already has an impact. Sponsored by http://www.DataCenterLeadGen.com
- 11. It can prevent customers from fulfilling their own compliance obligations, or put their own business goals in jeopardy. In the absence of a statement about SSAE 16 SOC 2 compliance, customers cannot tell if there will potentially be problems or not. Sponsored by http://www.DataCenterLeadGen.com
- 12. A data center that is audited and found to fall short on one or more of theTrust Services Principles cannot claim compliance with those principles. Sponsored by http://www.DataCenterLeadGen.com
- 13. However, it can work to improve its resources and processes to achieve audited compliance as an SSAE 16 data center afterward. Sponsored by http://www.DataCenterLeadGen.com
- 14. How do you rate SSAE 16 compliance compared to that of other standards, like ISO 27001? Sponsored by http://www.DataCenterLeadGen.com
- 15. Give us your point of view in the space for Comments below. Sponsored by http://www.DataCenterLeadGen.com
- 16. Copyright © SP Home Run Inc. SP Home Run is a RegisteredTrademark of SP Home Run Inc.AllWorldwide Rights Reserved. Recommended Reading Learn How Colocation Data Centers Can Create a Scalable, Data-Driven, Marketing and Sales FunnelThat Powers Growth DownloadYour Free Copy Now at http://www.DataCenterLeadGen.com