|SSAE 16 reports only on controls related to financial reporting. If you need assurance of controls directly related to data centers, including privacy, security and availability, you should look for a SOC 2 report.|
As the first Michigan data center operator to achieve SSAE 16 Type II certification for both our Ann Arbor data center and Mid-Michigan data center, we can verify we provide a highly secure and compliant hosting environment.
SSAE 16 has replaced the original standard – SAS 70. If you need a data center partner that has the most current certifications to satisfy national compliance requirements, Online Tech can provide the security your company needs. Take advantage of our audit status and apply it to your own hosted applications or data.
A SSAE 16 audit measures the controls related to financial recordkeeping and reporting, the same as a SOC 1 report.
What is SSAE 16?
In April 2010, the AICPA (American Institute of Certified Public Accountants) announced the retirement of SAS 70 to be replaced by SSAE (Statement on Standards for Attestation Engagements) 16.
SAS 70 does not set any standards for data center excellence; it merely verifies that the controls and processes set in place by a data center are actually followed. It was also intended to report on the financial controls of an organization. SSAE 16 is different because it not only verifies controls and processes, but also requires verification of design and operating effectiveness.
There are two types of SSAE 16 audits:
- Type 1 - Audtiors test the accuracy of the service provider's description and assertion.
- Type 2 - Auditors test the accuracy of the service provider's description and assertion, as well as the implementation and effectiveness of controls over a specific period of time.
In addition to SSAE 16, a new framework for examining the controls at a service organization has been established by three Service Organization Control (SOC) reports.
Find out more about the changing standards and the latest news on SSAE 16, SOC and SAS 70: