top 5 ssae 16 problems faced by data center ceos (slideshare)
SPONSORED BY LEAD GENERATION BEST PRACTICES FOR COLOCATION DATA CENTERS
Top 5 SSAE 16 Problems Faced by Data Center CEOs
Executives looking to expand their data centers and improve the level of service they provide
their customers are also faced with the challenge of meeting the American Institute of CPAs' Statement on Standards for Attestation
Engagements (SSAE) 16 audit standards.
Sponsored by http://www.DataCenterLeadGen.com
These SSAE Service Operations Controls (SOCs) have three versions, and understanding which
control applies to you takes some research.
Here are five of the problems that data center CEOs are experiencing in meeting SSAE
requirements, and some sources of information you should find helpful in determining the services
and strategies you need to put in place for your managed services facilities.
1. The Costs of the Report
Having an audit conducted of your data center to produce a report starts at around $15,000. When the CEO of a new hosting provider or colocation
facility tries to justify the cost of the report against the potential loss of customers who require SSAE
compliance, it is tempting to just pursue other security and reliability standards. Costs are likely
to be in the $25,000 to $30,000 range.
It isn’t just the pure dollar cost of the report either. Whether or not SSAE 16 certification is required by law is uncertain. A lot of the information which is
published about the standard is written for lawyers, accountants, and consultants as opposed
to technology business executives.
Weighing the expense of having a specific report completed against marketing to a target market that doesn’t require SSAE certification, or just turning
down the suggestion of the audit, is an option which data centers need to consider.
2. Intentional Acts
Though most data center personnel are professional, reliable and morally astute, an audit may uncover
what seems to be a “Band-Aid” fix on a control, which can drastically change the direction of the entire
audit.
One audit exposure is likely to intensify scrutiny of every line item on the report, and the costs of remediating gaps might not be in the immediate operating
budget. There is also another (less strict) report which data center executives can consider, called the
ISAE 3402.
These standards all have a similar PR company creating names for them, and it may take a number of reads of the acronyms to remember them, not to
mention the reports which they support.
3. Reports are Mandatory for Data Centers Serving Certain Industries
Data centers which manage information for these industries require SSAE 16 compliance:
• Financial services
• Government
• Healthcare
• Extended public sectors such as schools and social services
• Many regulated industries such as utilities, retail, and xSPs hosting e-commerce sites are under high security/audit scrutiny
If you are a data center which serves these industry segments, having the appropriate SOC/SSAE 16 report completed by your CPA is recommended.
4. Preparation for SSAE 16 Audits
Having the appropriate documents, personnel, and other resources is required for an SSAE investigation. There may be individuals on your staff who may be
required for delivery and management of your facility.
On a positive note, the CPA could provide your team with good insights on how their work, and following SSAE standards, can help them be more effective at
their jobs and improve the operations of your service.
The documentation the auditor requires hopefully won’t be difficult to pull together, and your
company’s privacy is assured, as their report does not ship your documents to any third party
assessors. It never hurts to confirm this with the auditor, though, before they roll up their sleeves.
5. Many Options, Not All Seem Relevant
There are many combinations of SSAE 16, SOC 1, SOC 2, and SOC 3 which you can sign up for, and have audited. SSAE 16 SOC 1 is about financial
compliance, and not technology security, reliability and scalability.
So many data center CEOs may allow their existing accounting documents to stand for their financial audits, as opposed to having one done for their customers’ “satisfaction” or “peace of mind.”
Some reports may be done on SOC 1 and a data center might promote that it has been certified against SOC 2 or 3 without knowing
the specifics about those technical evaluations.
Unlike PCI DSS compliance, there isn’t a wealth of business-friendly websites from a central organization; you’ll find more data from 3rd
party auditors than the AICPA itself.
Have you contracted with a CPA to conduct a thorough review of your data center financials, personnel, and/or infrastructure technology? Have you had an SSAE audit completed, and
now wonder what the strategic value of it was?
Tell us about your experiences in the Comments section below!
Copyright © SP Home Run Inc. SP Home Run is a Registered Trademark of SP Home Run Inc. All Worldwide Rights Reserved.
Recommended Reading
Learn How Colocation Data Centers Can Create a Scalable, Data-Driven, Marketing and Sales Funnel That Powers Growth
Download Your Free Copy Now at http://www.DataCenterLeadGen.com