I keep hearing from managed services providers and data center providers that brag about achieving SAS 70 compliance. But here's the problem: SAS 70 is a dying (or dead...) auditing and compliance standard, replaced by SSAE 16.
Some data center providers have already jumped on the SSAE 16 bandwagon, and more will certainly join the parade as customers and cloud partners discover the new auditing initiative.
Early SSAE 16 adopters include:
- Adhost Internet, a colocation and Web services provider in Seattle, Wash. The audit was performed by Accell, a full-service audit and consulting firm.
- CoreSite Realty Corp., a member of our Talkin' Cloud Stock Index. Eleven CoreSite data centers have completed their SSAE 16 Type 2 audits. BrightlLine, a licensed CPA firm, conducted the CoreSite SSAE 16 audit over a 12-month period ending June 30, 2011, according to a CoreSite statement.
- Datapipe, the managed services and data center infrastructure specialist, says its San Jose, Calif. and Somerset One and Somerset Two, N.J., facilities have completed SSAE 16 audits.
- PRO Unlimited, a SaaS and managed services provider in Boca Raton, Fla., says it completed a successful SSAE audit in August 2011.
But What Exactly Is SSAE 16?
I suspect dozens of additional cloud data center providers are undergoing SSAE 16 audits right now. According to the SSAE 16 Resource Center:
"SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70. The changes made to the standard will bring your company, and the rest of the companies in the US, up to date with new international service organization reporting standards, the ISAE 3402. The adjustments made from SAS 70 to SSAE 16 will help you and your counterparts in the US compete on an international level; allowing companies around the world to give you their business with complete confidence."
Data centers that complete successful SSAE 16 audits can give customers peace of mind. The audits, according to the SSAE 16 resource center, ensure that data centers have:
- sufficient data and power redundancy;
- appropriate physical security (security guards, biometric scanning, video cameras, etc.);
- monitors for excessive temperature fluctuations;
- timely alert tracking and reviews; Reviews Alerts on a Timely Basis; and
- proper fire and water detection (and protection) systems.
SAS 70 certainly had its day in the sun. But the move to SSAE 16 audits seems to be under way.