Editors note: Data center certifications are required by more companies that ever before. Governments, vendors and customer require data center certfications as a condition of doing business. SSAE 16 is the replacement for SAS 70 data center certifications.
SSAE 16 is one of the most widely known tools for providing assurances to data center customers. It is demanded by customers and there is no substitute for it.
And yet, a myth that the SSAE 16 standard is not applicable to the industry persists. As such, data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability.
The Technical Basis
The technical guidance for SSAE 16 has two major components which are the SSAE 16 standard itself and the related guide titled “Service Organizations –Applying SSAE No. 16, Reporting on Controls at a Service Organization (SOC 1)”.
The very first paragraph of the SSAE 16 standard states that it is applicable when reporting on “controls at organizations that provide services to user entities [i.e., customers] when those controls are likely to be relevant to user entities internal control over financial reporting.”
More of the SOA World article from Chris Schellman