http://DataCenterLeadGen.com Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare). An SSAE 16 data center offers compliance to customers, but of which kind? Find out why giving the wrong assurances could be costly for all parties. Copyright (C) SP Home Run Inc. All worldwide rights reserved.
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
1. SPONSORED BY
LEAD GENERATION BEST PRACTICES
FOR COLOCATION DATA CENTERS
Are SSAE 16 Data Center
Problems Impacting Customers
2. The real problems in an SSAE 16 data
center may be the ones you don’t see.
The reason is that SSAE 16 compliance
takes different forms, financial and
operational.
Sponsored by http://www.DataCenterLeadGen.com
3. These two areas are different and
compliance in each one is not
interchangeable with the other.
4. Where SSAE 16 Comes From
• SSAE 16, also called “Statement on Standards for Attestation
Engagements 16,” was created by the Auditing Standards
Board (part of the American Institute of Certified Public
Accountants).
• It follows on from the earlier SAS (Statement on Auditing
Standards) 70.
• In general, it defines how service companies report on
compliance.
• For an SSAE 16 data center, it gives assurances to customers
about standards adhered to by that data center.
5. The Key Differences between SSAE 16
SOC 1 and SOC 2
• Whether for data centers or other service
organizations, SSAE exists in different versions.
• The ones most commonly used are SOC (Service
Organization Controls) 1 and SOC 2.
6. The Key Differences between SSAE 16
SOC 1 and SOC 2
• SOC 1 deals with internal controls over financial reporting. It is
destined for customers’ financial statement audits, as were the
preceding SAS 70 reports.
• It exists in two different sub-varieties: Type I and Type II.
• A Type I report is a report on policies and procedures concerning
a specified point in time.
• A Type II report covers a period of time (a minimum of six
consecutive calendar months).
7. The Key Differences between SSAE 16
SOC 1 and SOC 2
• SOC 2 was specifically created for technology-related
service organizations, including data centers, cloud
computing, and SaaS (Software as a Service).
• It can also be Type I or Type II, and cover any number
of the so-called Trust Services Principles: security,
availability, processing integrity, confidentiality, and
privacy.
8. Operational Assurances
For an objective measure of how well a data center provides
an operational solution, the fullest report is the SSAE 16 SOC
2 Type 2.
This is the guarantee that a data center will perform to
expectations in areas such as:
• Security: protection of systems against unauthorized
access, use, or change
• Availability: respect of service level agreements for system
operation and use
9. Operational Assurances
This is the guarantee that a data center will perform to
expectations in areas such as:
• Processing integrity: complete, accurate, authorized,
timely, and valid system processing
• Confidentiality: data specified as confidential is protected
to agreed levels
• Privacy: personal information is handled in conformity with
the service organization’s privacy notice and with the
Generally Accepted Privacy Principles (GAPP)
10. If a data center cannot satisfy customers
on the Trust Services Principles that are
important to them, then this is an issue.
Whether or not real problems and
damage occur, the risk alone already has
an impact.
11. It can prevent customers from fulfilling
their own compliance obligations, or put
their own business goals in jeopardy.
In the absence of a statement about
SSAE 16 SOC 2 compliance, customers
cannot tell if there will potentially be
problems or not.
12. A data center that is audited and
found to fall short on one or more of
the Trust Services Principles cannot
claim compliance with those
principles.
13. However, it can work to improve its
resources and processes to achieve
audited compliance as an SSAE 16
data center afterward.
14. How do you rate SSAE 16 compliance
compared to that of other standards,
like ISO 27001?
15. Give us your point of view in the
space for Comments below.