SSAE 16 Data Center Compliance and 3 Critical "Must Know" Points White Paper Issued by NDB, LLP

Share Article

SSAE 16 data center compliance seems to be a hot topic these days, due in large part to the new AICPA Statement on Standards for Attestation Engagements (SSAE ) No. 16 replacing SAS 70. Many accountants, auditors, and data center industry participants alike have assumed that the switch from SAS 70 to SSAE 16 is merely academic, with minimal changes. Unfortunately, this is incorrect. Get the facts today on SSAE 16 data center compliance by learning about 3 critical "must know" points brought to you by NDB Accountants & Consultants (NDB), a nationally recognized PCAOB CPA firm.

News Image
As a Data Center, there are three (3) critical issues you need to be aware of regarding SSAE 16 compliance.

SSAE 16 data center compliance seems to be a hot topic these days, due in large part to the new AICPA Statement on Standards for Attestation Engagements (SSAE ) No. 16 replacing SAS 70. Many accountants, auditors, and data center industry participants alike have assumed that the switch from SAS 70 to SSAE 16 is merely academic, with minimal changes. If this approach is undertaken by some within the data center industry, then they will be hindering the actual deployment and the intended benefits of the new SOC framework reporting regimen. Get the facts today on SSAE 16 data center compliance by learning about 3 critical "must know" points brought to you by NDB Accountants & Consultants (NDB), a nationally recognized PCAOB CPA firm.

Thus, the following three (3) critical issues need to be fully examined and comprehensively understood regarding SSAE 16 data center compliance:

1. Understanding the SOC 1 vs. SOC 2 debate for Data Centers

If you look at the true intent of the new AICPA Service Organization Control (SOC) reporting framework, there is a sincere effort to try and separate service organizations into their proper and respective reporting platforms. The SOC 1 framework, for which SSAE 16 is the professional standard used for issuing these reports, is focused on establishing a credible link with the internal control over financial reporting (ICFR) concept. But where do data centers fit into the new SOC framework?

2. Know that provisions within SSAE 16 “may” allow Data Centers to achieve SSAE 16 Compliance

Even with all the arguments against using SSAE 16 for data center compliance, the "relevancy" phrase within the standard seems to allow enough flexibility within the SSAE 16 standard for data centers to be issued this type of assessment report by CPA firms. How so?

3. Be aware that Multiple Reports may be the norm, but inappropriate

Curiously, some CPA firms have been issuing both SOC 1 (SSAE 16) and SOC 2 (AT 101) reports for data centers, claiming each report has its own merits and qualifications. Will this continue and for how long?

To learn the answers to these three (3) pressing questions, view and download the entire technical whitepaper at the official SSAE 16 Resource Guide, developed by NDB Accountants & Consultants.

About NDB
NDB Accountants & Consultants (NDB) is a nationally recognized CPA and Advisory firm specializing in the field of regulatory compliance, ranging from SOC Reports (SSAE 16 and AT Section 101 for SOC 1 and SOC 2, respectively), PCI DSS compliance, to HIPAA, FISMA, and GLBA compliance, just to name a select few. The last decade has seen security, governance, and compliance issue permeate all layers of business, due in large part to the Sarbanes Oxley Act of 2002 and various other state and federal laws and regulations. As such, NDB has been on the forefront of many of these compliance initiatives, developing highly efficient and cost-effective auditing methodologies, while providing first-class, resource rich web portals for educational purposes, such as the highly acclaimed SAS 70 Resource Guide, the PCI DSS Resource Guide along with the ISAE 3402 Resource Guide.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Chris Nickell
NDB
1-800-277-5415 706
Email >

Charles Denyer
NDB
1-800-277-5415 705
Email >
Visit website