SSAE 16 Professionals New Business Line Focuses On SSAE 16 (SOC 1) and SOC 2 Audits for Data Centers

Share Article

In an increasingly competitive business environment, SSAE 16 and SOC 2 audits are providing data centers a competitive advantage amongst their competition. SSAE 16 Professionals has assembled top tier talent whose sole focus is on helping data centers undergo the SSAE 16 (SOC 1) and/or SOC 2 audit.

Delivering SSAE 16 Type I and Type II Reports

SSAE 16 Professionals, LLP

Many data centers are choosing SSAE 16 Professionals to perform their SSAE 16 audit because of our personalized approach.

Many companies today choose to outsource their physical and environmental security needs to a data center. This is primarily due to the high cost of maintaining an in-house data center and the criticality of access to information 24/7/365. The data center houses critical computer systems, hardware components, telecommunications equipment, and storage systems. Most data centers provide redundant power supplies, redundant data communication connections, electrical power, environmental controls (e.g., air conditioning, fire suppression) and internet connections. Often times, companies will only choose to contract with SSAE 16 audited data centers to ensure they maintain appropriate internal controls around security, privacy, and availability.

“Many data centers are choosing SSAE 16 Professionals to perform their SSAE 16 audit because of our personalized approach,” says Jim Jimenez, Managing Partner at SSAE 16 Professionals. “We have a unique blend of expertise coupled with good old fashioned client service.”

Industry Need

The Sarbanes-Oxley Act (SOX) requires publicly traded companies to perform an annual financial statement audit, which includes key processes that may impact the company’s financial statements. If these public companies outsource one of these key processes to your company, you will need to undergo an SSAE 16 (SOC 1) audit. The SSAE 16 audit and report can eliminate the need for your company to be subject to multiple audits from your customers and their respective auditors, most likely eliminating the need for your company receiving multiple visits from your customers’ auditors, which can place a huge strain and operational burden on your company’s limited resources.

In the past, SAS 70 reports encompassed financial reporting controls, operational controls, and compliance controls. SSAE 16 SOC 1 reports, which have effectively replaced SAS 70 reports, will be prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SSAE 16 SOC 1 reports can no longer be used for any other purpose except for reporting on the system of internal control for purposes of complying with internal control over financial reporting.

For reports that are not specifically focused on internal controls over financial reporting, the AICPA has issued an interpretation under AT Section 101 permitting service auditors to issue reports. These reports will now be considered SOC 2 reports. SOC 2 reports will focus on controls at a service organization relevant to one or more of the following Trust Services principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

SSAE 16 (SOC 1) & SOC 2 Type I and Type II Audit Reports

SSAE 16 Professionals completes both SSAE 16 (SOC 1) and SOC 2 Type I Audit Reports and SSAE 16 (SOC 1) and SOC 2 Type II Audit Reports.

  •     SSAE 16 (SOC 1) and SOC 2 Type I Reports - A report on policies and procedures placed in operation as of a specified point in time. SSAE 16 and SOC 2 Type I Reports evaluate the design effectiveness of a service provider’s controls and then confirms that these controls have been placed in operation as of a specific date.
  •     SSAE 16 (SOC 1) and SOC 2 Type II Reports - A report on policies and procedures placed in operation and tests of operating effectiveness for a period of time. SSAE 16 and SOC 2 Type II Reports include the examination and confirmation steps involved in a Type I examination plus include an evaluation of the effectiveness of the controls for a period of at least six calendar months. Most user organizations require their service provider to undergo the Type II level examination for the greater level of assurance it provides.

The SSAE 16 Professionals Difference

  •     Experience – Our leadership team has over 80 years of business management, operations and related information technology (IT) experience. Each of our professionals has over 10 years of relevant experience at “Big 4” and other large international or regional accounting firms, and most carry the designation of Certified Public Accountant (“CPA”), Certified Information Systems Auditor (“CISA”), Certified Information Systems Manager (“CISM”), or Certified Internal Auditor (“CIA”). We treat our staff as valued and highly talented peers, while omitting avoidable layers of management and associated costs.
  •     Resources – We pride ourselves in working closely and collaboratively with our clients to ensure all service related risks are addressed with appropriate control objectives and control activities. Our detailed and collaborative approach also helps to identify opportunities for improvement within our clients’ operations. Our proven methodology, flexible delivery methods, efficient economic operating model and focus on adding value for our clients are evident in everything we do.
  •     Personal Touch – Unlike many other firms, the partners and managers at SSAE 16 Professionals take a very active role in each engagement. We do not disappear after the proposal process.

Contact Us

For further information regarding SSAE 16 (SOC 1) and SOC 2 audits for Data Centers or to request a fee proposal from SSAE 16 Professionals, please visit our website at and visit our Contact Us Page or call 866.480.9485 today. We look forward to hearing from you.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jim Jimenez - Managing Partner
Visit website