posted by Paul Peeler
On Feb 22nd, 2013, Caronet completed the SSAE 16 SOC 1 Type I audit. Currently we are working on our SOC 1 Type 2 audit to be completed in Q3 2013. If you’re unfamiliar with this process you may be wondering why this is important, why you should care, or what SSAE 16 is in the first place. I’m going to attempt to answer that with as little “legalease” as possible.
Audit what? Why? What is this SSAE 16 you speak of?
Essentially, the SSAE 16 is an audit of company policies and procedures as they relate to security, employees, customers, data center operations, and maintenance. This is done by an independent CPA firm and helps us show our customers and prospective clients that their information and equipment is secure and available per our Service Level Agreements.
If you’re familiar with SAS 70, you’re more familiar with SSAE 16 than you think. SSAE 16 went into effect in June 2011, and has additional requirements that go beyond what was required for SAS 70. This new set of guidelines brings US companies current with international service organization reporting standards (ISAE 3402).
And that’s important to me, why?
SSAE 16 audits have become even more important for service providers since the passing of Sarbanes-Oxley legislation, which require a company’s business partners to have adequate internal controls. Caronet’s customers can easily incorporate our Service Auditors’ Report in their own financial audits.
Compliance with Regulations
The audit can also help our customers to comply with regulations such as HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act of 1999), and the international standard ISO 27001 (ISMS).
Credibility and Trust
Completing the SSAE 16 audit is also good for our customers when they are talking to their own clients and prospects. We work with a lot of resellers, partners, and software providers. When their customers are looking for solutions or hosted services, they often want to know where the physical infrastructure lives and who is running it.
Startups Seeking Capital
Startups that are looking for investors or venture capital will find that there can be strict security requirements that surround the process of acquiring that capital. Going with a provider who already undergoes annual audits will satisfy most if not all of those requirements.
Sum it up…please!
At Caronet we hold ourselves to a higher standard. By completing annual audits we show our commitment to providing the highest security and availability of services that we provide to you. Even if your particular business doesn’t require it. Because we like you.
I hope this was helpful and would love your feedback. Feel free to ask questions in the comments and I will respond quickly.