Why You Can Trust an SSAE-16 Certified Data Center
Data Cave recently completed an annual audit for its SSAE-16 certification, the highest internationally-accepted standard for service organizations. Having this certification is an assurance that an organization meets a wide range of compliance controls and standards, especially where factors like security and uptime are concerned.
While most companies will make it a point to advertise that they are SSAE-16 certified (even we do it, just look at our website header!), I want to go a step further and provide some details on what measures go into these audits, and why they are so important both for Data Cave and for you.
It’s all about TRUST
While the different types of reporting that go into an SSAE-16 audit are very complex, they all revolve around trust, since this certification is essentially a measure of how trustworthy an organization is, and how well equipped it is to keep its promises. SSAE-16 certification centers around the following five “Trust Service Principles”:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.
(Official definitions of the trust service principles courtesy of the American Institute of CPAs)
The audit process
The process involved with becoming SSAE-16 certified (and keeping up with that certification) is a lengthy one, taking several months to complete each year. The reason for this lies in the level of detail that the audit goes through. Rather than just going through a high-level review of the business’ internal processes, the audit delves much deeper to answer the following questions:
- What specific physical and digital measures does the business have in place to ensure maximum security of their internal systems, as well as client-owned systems?
- What specific measures does the business have to ensure the highest level of availability possible?
- What does the business have in place to ensure that its system processing is timely and accurate?
- What specific measures does the business take to ensure that any client data or equipment is kept completely confidential and private?
You may notice that I used the word “specific” several times. That is because the audit process itself is very specific, looking at things such as documented business processes (and then seeing them in action), a technical review of the facility and internal infrastructure, a review of security policies, among many other measures. It is as thorough a review as you can really get for a service provider.
What it means
At the end of the day, being SSAE-16 certified means more than just a piece of paper or a logo we can put up on our website. What it signifies is that we have done our homework and put the right measures and policies in place that ensure the highest levels of availability and security possible for our clients. Most importantly though, having this certification shows that we are a trusted data center service provider. This trust is something we take very seriously, and we are proud to be SSAE-16 certified.
If you would like to learn more about what goes into becoming SSAE-16 certified, or wish to discuss your colocation/disaster recovery options, contact us today! We will be happy to begin the conversation with you.