SAS70 & SSAE16 Compliant Datacenter

datacenterAs the recent Target hacking demonstrated, it is vital for private information to stay that way. For Data102 and other datacenters that house large amounts of private and sensitive information, it is crucial to maintain appropriate controls and security, as well as to be able to deliver such reassurance to clients.

To give customers peace of mind, there are a number of standards that have been implemented to ensure that a datacenter can be trusted; these are outlined in the Statement on Auditing Standards No.70 (SAS70) and the Statement for Standards for Attestation Engagements No. 16 (SSAE16).

A service organization or service provider that is SAS70 and SSAE16 compliant is showing that they have been through a thorough audit examination and that control objectives and control activities—which typically include controls over information technology and corresponding processes—as well as safeguards have all been demonstrated to be adequate and effective.

Though SAS70 is a widely recognized auditing standard, it does not provide a list of pre-determined criteria; auditors must still follow standards set by the American Institute of Certified Public Accountants (AICPA) for fieldwork, quality control, and reporting. So, as of June 15, 2011, SSAE16 was created by AICPA with the goal of upgrading the US service organization’s standard of reporting so that it adheres with the new International Service Organization standard (ISAE3402). Since then, SSAE16 has managed to replace SAS70 as the top guide for reporting on service organizations.

A compliant datacenter provides a measure of benefits and value to its customers. They can retrieve reports and thus obtain valuable knowledge regarding the established controls and the effectiveness of those controls, which are known as Service Auditor’s Reports. There are two types of these reports:

  • Type 1 provides a description of controls at a specific and particular point;
  • Type 2 includes this description and provides details regarding the testing of controls over a period of six months. With a Type 2 report, customers can also determine whether these controls were in operation, satisfactorily designed, and operating productively. Without this report, there will be an assortment of requests for an audit and multiple visits can put a strain on resources. With a Service Auditor’s Report, customers and their auditors have access to the same information, which should be satisfactory to both parties.

A SAS70 & SSAE16 compliant datacenter proves a lot by having these examinations made. It sets itself apart from its peers by showing the installation of control objectives and adequately designed control activities. If customers use a datacenter that is not SAS70 & SSAE16 compliant, they will have to arrange for an auditor to pay a visit to that organization to examine its controls and operations, an action that will likely cost the customer money. More than that, though, you can be sure that a datacenter that is compliant, like Data102, can be trusted with your data.


Colorado Springs Datacenter Completes SSAE 16 Reporting


Data102 LLC Completes Examination in Conformity with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization

SSAE16Data102 LLC, a Colorado Springs datacenter and IT services provider, today announced that it has recently completed its examination in conformity with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization as of October 31st, 2012 that was performed by an independent accounting and auditing firm.

Completion of the SSAE 16 Type I examination indicates that selected Data102 processes, procedures and controls have been formally evaluated and tested as of a given date by an independent accounting and auditing firm. The examination included the company’s controls related to its colocation services.

SSAE 16 is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for a user entity’s management to obtain assurance about service organization internal controls without conducting additional assessments. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SSAE 16 reports even more important to the process of reporting on effective internal controls by public companies.

A SSAE 16 examination is widely recognized, because it represents that a service organization has been through an evaluation of their control activities as they relate to an audit of the financial statements of its customers. A Type I report includes the service organization’s system description and the design of the service organization’s controls.

“We are very excited to be able to offer our customers a policy-driven, process-oriented service that has been vetted to meet stringent SEC standards, while continuing to provide strong value,” said Travis Taylor, Director of Business Development. He added “this endorsement is not easy to get, and we are pleased to pass on the benefits of SSAE16 certification to our existing and future customers.”

About Data102 LLC
Data102, LLC is a Colorado Springs datacenter and IT services provider. They offer a breadth of services including colocation, bandwidth, last mile Internet and Voice over IP, virtualization, managed firewalls and hosting. For more information about Data102 LLC, visit:

View this press release at