VISI data centers are currently going through our annual SAS 70 Type II review. This review involves time from both internal and external resources (accountants and lawyers), but is necessary for maintaining our certification. I’m often asked, “If I’m a customer of data center services, why should I care?”
Let me share a real life example. Recently we had a company approach us in a panic. Their largest customer was completing a routine audit of their suppliers. During this audit they required all of their suppliers to provide proof of SAS 70 Type II. This company was required to prove SAS 70 compliance within 30 days or be terminated as a supplier. VISI assisted this customer in moving their servers to our data center and they retained their largest customer.
We are observing more companies in the marketplace that have requirements for this certification. The general consensus is that we are moving into a more regulated business environment. Most publicly held firms, financial institutions, government agencies, and health care corporations require SAS 70 Type II certification. It’s not a “nice to have”, it’s a “must have.”
When I hear that customers don’t need SAS 70, I deliberately find out if they ever plan to do business with the segments of the marketplace that require it. Most of these organizations assume that you have these certifications in place and eventually will audit all of their suppliers. Caveat emptor!