AX Management: Should an Outsourcer Complete a SSAE 16 Type II Audit?

  • 83 views
Uploaded on

Many outsourcing providers offer services for AX management but operate without a set standard for auditing and controls. To be sure application management and hosting assets are handled …

Many outsourcing providers offer services for AX management but operate without a set standard for auditing and controls. To be sure application management and hosting assets are handled appropriately, a provider must follow a set standard of controls that protect each customer's investment.

For more information about AX Management, visit http://www.oneneck.com/Solutions.aspx today.

More in: Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
83
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. AX Management:Should an Outsourcer Complete a SSAE 16 Type II Audit? http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.
  • 2. AX ManagementMany outsourcing providers offer services for AX management, but operate without a setstandard for auditing and controls.To be sure application management and hosting assets are handled appropriately, a providermust follow a set standard of controls that protect each customer’s investment.What is a SSAE 16 Type II Audit?•Replacing SAS 70, SSAE 16 is an internationally recognized auditing standarddeveloped by the American Institute of Certified Public Accountants (AICPA).•SSAE 16 performs what the SAS 70 was originally designed to do: communicate theorganization’s and auditor’s attestation on assertions made by the organizationthrough a structured report.•The SOC 1/SSAE 16 incorporates many improvements upon the original guidebook,including management attestation. http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.
  • 3. AX ManagementMany outsourcing providers offer services for AX management, but operate without a setstandard for auditing and controls.To be sure application management and hosting assets are handled appropriately, a providermust follow a set standard of controls that protect each customer’s investment.What is a SSAE 16 Type II Audit?•Similar to the SAS 70, the SOC 1/SSAE 16 report may be issued in two formats: Type I and Type II.•Type I reports are a point-in-time assessment of controls in place to ensure thestated control objectives are adequate.•Type II reports build upon Type I reports by requiring the collection of detailedevidence throughout a period of time.•This evidence demonstrates the control objectives defined are not only implemented,but being practiced throughout the audit period. http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.
  • 4. AX ManagementA SSAE 16 Type II Audit Provides Necessary Insight for AX ManagementTo ensure the most stringent verification of controls of an outsourcing provider’s AXmanagement, a SSAE 16 Type II audit would be preferred.The SOC1/SSAE 16 report now provides further insight into the people, processes andtechnologies implemented to effectively achieve the control objectives outlined bymanagement.The control objectives include items related to:•Administrative Duties to ensure the outsourcing provider maintains a trustworthyworkforce for AX management.•Physical Security to ensure the outsourcing provider’s facilities are protected bystrong policies and practices for the highest performing AX management.•Change Management to ensure effective policies for managing changes toinfrastructure are followed. http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.
  • 5. AX ManagementA SSAE 16 Type II Audit Provides Necessary Insight for AX Management To ensure the most stringent verification of controls of an outsourcing provider’s AXmanagement, a SSAE 16 Type II audit would be preferred.The SOC1/SSAE 16 report now provides further insight into the people, processes andtechnologies implemented to effectively achieve the control objectives outlined bymanagement. The control objectives include items related to: •Availability  Management  to  ensure  the  AX  management  infrastructure  is  properly maintained  and  the  data  center  environment  is  protected  and  conditioned  in  line with industry best practices.•Incident  and  Event  Management  to  ensure  tools  are  in  place  and  personnel  are properly trained to address potential business impacting events.•Request Management to ensure service requests flow through a proper life cycle. http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.
  • 6. AX Management A SSAE 16 Type II Audit Provides Needed Confirmations When an AX management outsourcer has completed a SSAE 16 Type II audit,customers can be assured certain claims have been verified.In other words, the company is doing what it says it does when it comes tooperational metrics.For example, a SSAE 16 audit confirms the data center:  • Maintains Sufficient Data and Power Redundancy  • Maintains Appropriate Physical Security Controls   • Monitors for Excessive Temperature Fluctuations • Reviews Alerts on a Timely Basis • Has Proper Fire/Water Detection and Protection http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.
  • 7. AX ManagementWhen a company trusts a third party for a critical service such as AXmanagement, using only the highest quality providers is an option.Selecting an outsourcing provider without proper controls can put abusiness at significant risk.Therefore, companies must ensure their outsourcing partners leveragethe most advanced technology and skilled personnel to help safeguardtheir IT assets. http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.
  • 8. ABOUT THE AUTHOR Chuck Vermillion is CEO and founder of OneNeck IT Services, a leading provider of hosted application management and managed services since 1997. For more information about AX Management, visithttp://www.oneneck.com/Solutions.aspx today. http://www.oneneck.com Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.