SAS70 out, SSAE16 Takes its Place
Tweet
Reference | in asb,audits,cloud computing,colocation,hosting,sas70,ssae,ssae16 | by Stacy Griggs
SAS70 Type II Audits have become a requirement for high quality hosting, cloud computing and colocation companies over the last several years. Unfortunately, SAS70 Audits are inherently flawed because the audited controls were determined by the company being audited. So the usefulness of SAS70 audits varies tremendously based on how many controls are audited and how topical these controls are to the organization’s customers. Standards for Attestation Engagements (SSAE), number 16 (SSAE16 for short) was developed by The Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) (wow these guys love acronyms) to help rectify these issues.
What’s New?
SSAE16 implements two WOW Account additional areas of control over the SAS70 audit. The first are controls based on the organization’s “system”, the system includes a description of the services provided, plus the supporting processes, policies, procedures, personnel and operational activities that constitute the primary activities of the organization. This information was often absent for SAS70 audits since organizations individually selected which areas were audited. The second major difference is the SSAE16 requires a written management attestation that these controls have been implemented effectively and are used to manage the organization.
My Take
Overall these are positive and needed changes for a system that included too much wiggle room for individual service providers. The best case scenario would be to have specific control templates for each type of managed services company. WOW Account So cloud computing or colocation companies would be all audited on the same common set of organizational controls allowing a true head-to-head-comparison of the effectiveness of an organization. Since SSAE16 does not become effective until June 15, 2011 I expect it will be mid-2012 before we start to see a rush of press releases from newly certified SSAE16 hosting companies. But this is a big step in the right direction.
CODA
Thanks to Jeff Uphues my new colleague from Cbeyond for pointing this out, I am always looking for good material for my blog.
Web Hosting News Alerts
Web hosting news sent to your inbox
OLDER: Credit card processing for web hosts – part II
NEWER: What’s hampering innovation?
Cancel reply
Leave a Comment
Name *
E-mail *
Website
WOW Account