SOA World: Why Data Centers Need SSAE 16

Editors note: Data center certifications are required by more companies that ever before. Governments, vendors and customer require data center certfications as a condition of doing business. SSAE 16 is the replacement for SAS 70 data center certifications.

SSAE 16 is one of the most widely known tools for providing assurances to data center customers. It is demanded by customers and there is no substitute for it.

And yet, a myth that the SSAE 16 standard is not applicable to the industry persists. As such, data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability.

The Technical Basis
The technical guidance for SSAE 16 has two major components which are the SSAE 16 standard itself and the related guide titled “Service Organizations –Applying SSAE No. 16, Reporting on Controls at a Service Organization (SOC 1)”.

The very first paragraph of the SSAE 16 standard states that it is applicable when reporting on “controls at organizations that provide services to user entities [i.e., customers] when those controls are likely to be relevant to user entities internal control over financial reporting.”

More of the SOA World article from Chris Schellman

Alex Carroll

Alex Carroll

Managing Member at Lifeline Data Centers
Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.