Compliance isn’t just a checkbox on a piece of paper to ServerCentral. From old hardware disposal to protecting vital assets and systems, security and compliance are at the core of everything we do for our clients. We first covered our commitment to compliance when Daniel Brosk, our COO, blogged about the changes the SSAE-16 SOC 1 brought from our older SAS 70 report. Today, we have another exciting new announcement about our commitment to security and compliance:
For the audit period ending June 30, 2014, ServerCentral migrated our compliance program from the SSAE-16 SOC 1 standard to the more-secure AT-101 SOC 2.
With the help of our auditors, we adopted the very stringent policies required by the Trust Service Principles (TSPs), which are dictated by the American Institute of CPAs (AICPA). These TSPs are considered the highest level of security and safety available to a data center or managed service provider, which is why ServerCentral has embraced them fully throughout every level of our organization.
Unlike the SSAE-16 SOC 1 reporting standard, the AT-101 SOC 2 has a consistent, standard set of items to test and report for our auditors.
The SOC 1 allows a data center or service provider to choose their own rules, pick their own security standards, and to hide gaping weaknesses in their program by simply not including a control covering that weakness.
The SOC 2 has leveled the playing field, forcing all providers to use the same advanced security controls to protect your data and your systems.
ServerCentral believes in holding ourselves to the highest standard when it comes to handling, securing, and managing sensitive data and systems. While other providers might continue to use the weaker SSAE-16 SOC 1 standard, we will continue to adopt more of the TSPs during this audit period until we have implemented the full suite of controls laid out by the AT-101 standard.
Over the coming weeks, I'll follow up with information about the changes that the SOC 2 will bring to our reporting environment and our audit document. Check back for more, or better yet subscribe to our blog so you receive an update as soon as information becomes available.
Request a copy of our SOC 2 report as a client or a prospective client here.