Posts Tagged ‘certification’


SSAE 16 – The new SAS 70?

By Ray Hagen | May 27, 2010

When you entrust your company’s data and applications to a data center facility, you’ll want to ensure that the facility is prepared to offer you the highest standard of reliability.

When the American Institute of Certified Public Accountants (AICPA) certifies an organization or a data center through their internationally recognized auditing standards, it is a shining testament to that organization’s or data center’s dependability.

Introducing SSAE 16
For a long time, the AICPA’s SAS 70–level certification represented the gold standard in reliability, but there’s a new sheriff in town. In April 2010, the AICPA Auditing Standards Board issued a new certification: the long awaited Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization.

What does that all mean? It means that an SSAE 16–certified organization or data center has achieved the most updated standard of reliability. Considered a “21st century version” of the previous Statement on Auditing Standards (SAS 70), SSAE 16 was chosen as a result of CPAs providing attestations on subject matter other than the fairness of the presentation of financial statements.

It is expected that SSAE 16 will be formally issued in June 2010 with an effective date of June 15, 2011. While there is still a year until the official effective date, earlier implementation is permitted.

Why SSAE 16?

SSAE 16 was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the new international service organization reporting standard—ISAE 3402.

This all adds up to world class reliability, which is nothing less than your company deserves. To learn more, request a tour of a VISI data center.


SAS 70 Type II Data Center – Who Cares?

By Brian Stevenson | March 19, 2009

VISI data centers are currently going through our annual SAS 70 Type II review.  This review involves time from both internal and external resources (accountants and lawyers), but is necessary for maintaining our certification. I’m often asked, “If I’m a customer of data center services, why should I care?”

Let me share a real life example.  Recently we had a company approach us in a panic.  Their largest customer was completing a routine audit of their suppliers.  During this audit they required all of their suppliers to provide proof of SAS 70 Type II.   This company was required to prove SAS 70 compliance within 30 days or be terminated as a supplier.  VISI assisted this customer in moving their servers to our data center and they retained their largest customer.

We are observing more companies in the marketplace that have requirements for this certification.  The general consensus is that we are moving into a more regulated business environment.  Most publicly held firms, financial institutions, government agencies, and health care corporations require SAS 70 Type II certification.  It’s not a “nice to have”, it’s a “must have.”

When I hear that customers don’t need SAS 70, I deliberately find out if they ever plan to do business with the segments of the marketplace that require it.  Most of these organizations assume that you have these certifications in place and eventually will audit all of their suppliers.   Caveat emptor!

Want to learn more about VISI? Check out the About Us page.