SSAE 16

SSAE 16 Compliance

 

SSAE 16 (formerly SAS 70) Type 2

The new service organization reporting standard, Statement on Standards for Attestation Engagements SSAE 16, is effective as of June 15, 2011. SSAE 16 supersedes Statement on Auditing Standards SAS 70 with the professional guidance on performing the service auditor’s examination.SSAE 16 SOC 2

Our data centers have obtained a Service Organization Controls 1 (SOC 1), Type II report. The audit for this report is conducted in accordance with the Statement on Standards for Attestation Engagements (SSAE 16) and the International Standards for Assurance Engagements 3402 (ISAE 3402) professional standards. This dual-standard report is specifically intended to meet the needs of our customers and their auditors, as they evaluate the effect of the controls on their financial statement assertions. The SOC 1 report attests that our data centers’ control objectives are appropriately designed and operating effectively.

Global Data Vault can provide these reports upon request. These reports explain the internal control descriptions and security procedures in place to assist you in meeting your compliance requirements.

SOC 2 on the Security and Availability Trust Services Principles

In addition to the SOC 1 report, our data center obtains a Service Organization Controls 2 (SOC 2), Type II report. Similar to the SOC 1 in the evaluation of controls, the SOC 2 report is an attestation report that is an evaluation of controls specific to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The principles define leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the criteria for the security and the availability principles set forth in the AICPA’s Trust Services Principles criteria.

Upon request and under NDA, this report is also available to our customers.

cloud mobility

Cloud Mobility – Buzz Words or Pain Point?

Do an internet search on “cloud mobility,” and you will get a TON of results.  The definition(s) can be confusing, but basically it describes the ability to avoid locking in workloads to a specific cloud vendor.  Diversification of resources between private and public...

The Air Gap Controversy

The Air Gap Controversy In a previous blog post, we talked about the 3-2-1-1 data protection concept as well as “air gaps.” We’ve also discovered that viruses can corrupt files that are written to air-gapped technologies, such as tape, rendering them useless, and the...
gartner magic quadrant

Gartner Magic Quadrant for Data Center Backup and Recovery

Veeam Software is an unusual participant in the Gartner Magic Quadrant given that they entered it in the visionary section, and were the first company to do so with only a virtualization offering.