(The Hosting News) – In 2012, SOC 2 reports made up about 7% of the total SOC audits for data centers, while so far in 2013 14% of the audits have been for SOC 2, a year-over-year growth of 100%. Reckenen Inc. surveyed 91 data centers and found that 90% of the colocation data centers are SOC compliant. 82% of the data centers are SOC 1 or SSAE 16 audited. The remaining 18% are either SOC 2 or SOC 3 compliant.
After the SOC reporting framework was issued in June 2011, most data centers that held a SAS 70 certification initially obtained a SOC 1 (SSAE 16) examination. SOC 1 (SSAE 16) is primarily concerned with controls over financial reporting by the user organizations. The AICPA introduced SOC 2 for service organizations such as colocation providers and web hosts to provide a standard benchmark by which two data centers could be compared. The top reasons for obtaining SOC compliance cited by data centers are: client needs (42%), competition (21%), and marketing advantage (17%).
“SOC 2 reports cover for the deficiencies of SSAE 16 by providing a standard benchmark by which two data centers’ audit reports could be compared,” said Hassan Sultan, Partner at Reckenen Inc. “Looking forward, SOC 1 coupled with SOC 2 audits are becoming the standard for data centers and cloud based service providers.”
SOC 2 reports are designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls at a service organization that are relevant to the security, availability, or processing integrity of the system used by the service organization to process customers’ information, or the confidentiality or privacy of that information. The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA) for use by practitioners in the performance of SOC 2 engagements:
- Security. The system is protected against unauthorized access (both physical and logical).
- Availability. The system is available for operation and use as committed or agreed.
- Processing integrity. System processing is complete, accurate, timely and authorized.
- Confidentiality. Information designated as confidential is protected as committed or agreed.
- Privacy. Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.
Reckenen’s report, SOC/SSAE16 Insights, is based on a survey of 91 data centers located in the United States and covers data centers by size, sophistication, and ownership. The report gives data center owners and decision makers the industry trends in SOC reporting standards, the time when the reports and the audits are conducted, and the top reasons why data centers are choosing to get audited.
Reckenen provides SOC audit services to data centers and other service organizations. It offers a sophisticated array of services and capabilities to clients, combined with the personal attention of experienced professionals. Its professional staff is driven to understand each client’s business and fully prepare it to meet unique challenges in a manner that’s personal, proactive, and progressive. To learn more, please visit http://reckenen.com.