Online Tech Operating Under New SSAE 16 and SOC 3 Audit Standards

Michigan Data Centers Move Beyond SAS 70 to More Stringent Data Center Standards

Online Tech is moving beyond the SAS-70 data center audit and is now operating under the industry's newest standards - SSAE 16, SOC 2 and SOC 3. These new reporting standards for top tier data centers operating under a strong set of security and operating controls will become effective in the industry after June 15, 2011.

The Statement on Auditing Standards No. 70 (SAS 70) has been the primary audit standard for data centers for almost 20 years. Since 1992, data center users have relied on SAS 70 reports to gain assurance that their data centers were secure and operating under proper control systems. Online Tech was the first colocation and private cloud provider in Michigan to complete SAS 70 Type 2 audits for both of its data centers.

SSAE 16 (Statements on Standards for Attestation Engagements no. 16) is the next generation in auditing standards for data centers in the United States. SSAE 16 goes beyond SAS 70 by requiring a written management assertion on controls designs, objectives and implementation that is included in the audit process. SSAE 16 also provides better alignment with the international ISAE 3402 audit standards.

The more stringent Service Organization Control (SOC) audit reports have a stronger set of controls and requirements specifically designed around data center service organizations. SOC 2 and SOC 3 provide a standard benchmark by which two data center audits can be compared against the same set of criteria. As opposed to SSAE-16, where the data center operator defines the criteria for the audit, SOC 2 Report uses specifically pre-defined control criteria for security, availability, process integrity, confidentiality and privacy. SOC 3 is the report provided by auditors for public dissemination on the SOC 2 audit results.

David Barton, a Principal with UHY LLP in Atlanta, GA says, "As the marketplace begins to understand these new reporting options, we believe that SOC 2 and SOC 3 reports will provide a much better basis for evaluation and comparison of certain types of service providers such as colocation data centers, cloud computing and software as a service (SaaS) providers. Online Tech has become an early adopter of these new reporting standards in order to ensure their customers have the best and most pertinent information to choose a colocation and managed services partner. "

As a top tier data center operator, Online Tech has committed to deliver SSAE 16, SOC 2 and SOC 3 audit reports to its clients that meet the most stringent data center standards. "With our commitment to quality and repeatable processes in every aspect of our business, we will assure our clients that we operate under the highest data center standards in the industry," said Mike Klein, President of Online Tech. "An independent audit of our process and controls of our data centers has and always will be an important part of our business and assures that we truly do what we say and say what we do."