Lifeline Data Centers is SSAE 18 SOC 2 Certified. Standards for Attestation Engagements (SSAE 18) is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, previously, SAS 70.
The SOC 2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as opposed to SSAE 18 SOC 1 which is focused on the financial reporting controls.
How SSAE 18 SOC 2 benefits your organization
The Trust Service Criteria, which SOC2 are based upon, are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the criteria have corresponding points of focus, which should be met to demonstrate adherence to the overall criteria and produce an unqualified opinion (no significant exceptions found during your audit). One benefit to the trust services criteria is that the requirements are predefined, making it easier for business owners to know what compliance needs are required of them and for users of the report to read and assess the adequacy.
Lifeline Data Centers is considered compliant with FISMA and maintains a current SSAE18 SOC2 Audit Report. We also have a full list of certifications. For more information on Lifeline Data Centers and FISMA, check out some of our articles:
What is SSAE 18?
SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70. The changes made to the standard this time around will require companies to take more control and ownership of their own internal controls around the identification and classification of risk and appropriate management of third party vendor relationships. These changes, while, not overly burdensome, will help close the loop on key areas that industry professionals noted gaps in many service organization’s reports.
What is FISMA?
With compliance comes many different regulations and standards that must be followed in order to be a compliant data center. The Federal Information Security Management Act, or FISMA for short, is one of the key regulations for federal data security standards and guidelines. It was established in 2003 with the goal of providing standardized regulations for information and data security, which would ultimately lead to higher data protection standards across the data center industry.
SSAE 18 SOC 2 Scope
SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70. The changes made to the standard this time around will require companies to take more control and ownership of their own internal controls around the identification and classification of risk and appropriate management of third party vendor relationships.
The SOC 2 report focuses on a business’s non-financial reporting controls as they relate to:
- Security – Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and effect the entity’s ability to meet its objectives.
- Availability – Information and systems are available for operation and use to meet the entity’s objectives.
- Processing Integrity – System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
- Confidentiality – Information designated as confidential is protected to meet the entity’s objectives.
- Privacy – Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.