As a Data Center, there are three (3) critical issues you need to be aware of regarding SSAE 16 compliance.
Santa Monica, CA (PRWEB) June 27, 2011
SSAE 16 data center compliance seems to be a hot topic these days, due in large part to the new AICPA Statement on Standards for Attestation Engagements (SSAE) No. 16 replacing SAS 70. Many accountants, auditors, and data center industry participants alike have assumed that the switch from SAS 70 to SSAE 16 is merely academic, with minimal changes. If some within the data center industry take this approach, they will hinder the actual deployment and the intended benefits of the new SOC framework reporting regimen. Get the facts today on SSAE 16 data center compliance by learning about 3 critical "must know" points brought to you by NDB Accountants & Consultants (NDB), a nationally recognized PCAOB CPA firm.
Thus, the following three (3) critical issues need to be fully examined and comprehensively understood regarding SSAE 16 data center compliance:
1. Understanding the SOC 1 vs. SOC 2 debate for Data Centers
If you look at the true intent of the new AICPA Service Organization Control (SOC) reporting framework, there is a sincere effort to try and separate service organizations into their proper and respective reporting platforms. The SOC 1 framework, for which SSAE 16 is the professional standard used for issuing these reports, is focused on establishing a credible link with the internal control over financial reporting (ICFR) concept. But where do data centers fit into the new SOC framework?
2. Know that provisions within SSAE 16 “may” allow Data Centers to achieve SSAE 16 Compliance
Even with all the arguments against using SSAE 16 for data center compliance, the "relevancy" phrase within the standard seems to allow enough flexibility within the SSAE 16 standard for data centers to be issued this type of assessment report by CPA firms. How so?
3. Be aware that Multiple Reports may be the norm, but inappropriate
Curiously, some CPA firms have been issuing both SOC 1 (SSAE 16) and SOC 2 (AT 101) reports for data centers, claiming each report has its own merits and qualifications. Will this continue and for how long?
To learn the answers to these three (3) pressing questions, view and download the entire technical whitepaper at the official SSAE 16 Resource Guide, developed by NDB Accountants & Consultants.
NDB Accountants & Consultants (NDB) is a nationally recognized CPA and Advisory firm specializing in the field of regulatory compliance, ranging from SOC Reports (SSAE 16 and AT Section 101 for SOC 1 and SOC 2, respectively), PCI DSS compliance, to HIPAA, FISMA, and GLBA compliance, just to name a select few. The last decade has seen security, governance, and compliance issues permeate all layers of business, due in large part to the Sarbanes-Oxley Act of 2002 and various other state and federal laws and regulations. As such, NDB has been on the forefront of many of these compliance initiatives, developing highly efficient and cost-effective auditing methodologies, while providing first-class, resource-rich web portals for educational purposes, such as the highly acclaimed SAS 70 Resource Guide, the PCI DSS Resource Guide along with the ISAE 3402 Resource Guide.