What’s the difference between SAS 70, SSAE 16 and SOC?

SAS 70 is the older standard, and it was never designed for service organizations that offer colocation, managed dedicated servers or cloud hosting services. It was established to give auditors information about, and verification of, a data center's controls and processes as they relate to the data center user's financial reporting.
A SAS 70 audit does not set any standard for data center excellence; it merely verifies that the controls and processes a data center has put in place are actually followed. Additionally, there is no SAS 70 certification, only an auditing process. The problem was that the data center service industry needed some form of certification of excellence, which SAS 70 could not provide.
The SSAE 16 (Statements on Standards for Attestation Engagements No. 16) goes beyond SAS 70 by not only verifying the controls and processes, but also requiring a written assertion regarding the design and operating effectiveness of the controls being reviewed.
An SSAE 16 audit results in a Service Organization Control (SOC) 1 report, which focuses on internal controls over financial reporting. A SOC 1, Type 1 report gives the auditors' opinion on the accuracy and completeness of the data center management's description and design of its controls, system and/or service, as of a point in time. A SOC 1, Type 2 report includes everything in a Type 1 report and adds testing of the operating effectiveness of those controls over a period of time, normally between six months and a year.
SOC 2 and SOC 3 provide pre-defined, standard benchmarks for controls related to the security, availability, processing integrity, confidentiality, or privacy of a system and its information.
A SOC 3 report is intended for general use and provides a level of certification for data center operators that assures data center users of facility security, high availability and processing integrity. Whereas a SOC 2 report includes the service auditor's testing and results, a SOC 3 report provides only the system description and the auditor's opinion.
Find more information about SAS 70, SSAE 16 & SOC:
SOCs and SASs: The New Standards for Service Organization Controls Reporting
SAS 70, SSAE 16, SOC 2 and SOC 3 Data Center Standards