What is SSAE 16?

The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of standards developed specifically for certified public accountants (CPAs) to evaluate an entity’s internal controls and the impact a service organization may have on the entity’s control environment. This is particularly important as auditors attempt to accurately audit a company’s financial statements.

The SSAE 16 standards were put in place by the American Institute for Certified Public Accounts (AICPA) and serve as the authoritative guide for in-depth audits of a third-party service organization such as 365 Data Centers. SSAE 16 is a relatively new set of standards published in April 2010 to supersede the SAS 70, the original guidelines for performing an examination of a service organization’s controls and processes.

Businesses rely on SSAE 16 audits and reports to build trust and confidence in their service provider’s ability to design, operate and control environments on which their business depends. Additionally, SSAE 16 audits may assist an entity in complying with the Sarbanes-Oxley act or similar law or regulation.

What are SOC reports?

Service Organization Controls (SOC) Reports are prepared by an auditor in accordance with SSAE 16 standards and are specifically intended to evaluate a service organizations controls. There are three SSAE 16 SOC reports:

  • SOC 1: Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting
    • Type 1: report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
    • Type 2: report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
  • SOC 2: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
  • SOC 3: Trust Services Report for Service Organizations.

Use of these reports is typically restricted to the management of the service organization, user entities, and user auditors.

Is 365 Data Centers SSAE 16 compliant?

Yes, 365 Data Centers has been audited by a third-party auditor and found to be compliant with the SSAE 16 standards. We have an SSAE 16 Soc 1 Type 2 report that outlines the findings of the audit.

A-lign CPAs performed the audit of our Colocation Services for SSAE 16 Soc 1 Type 2 at 100% colocation facilities. They conducted their examination in accordance with the attestation standards established by the American Institute of Certified Public Accountants to assess the suitability of the design and operating effectiveness of controls to achieve the related control objectives identified.

365 received an SSAE 16 Soc 1 Type 2unqualified audit opinion delivered with no exceptions.

The scope of the assessment included 365 Data Centers’ colocation facilities in: Buffalo, NY; Chicago, IL; Cleveland, OH; Dallas, TX; Detroit, MI; Emeryville, CA; Indianapolis, IN; Nashville, TN; New York, NY; Philadelphia, PA; Phoenix, AZ; Pittsburgh, PA; Reston, VA; San Jose, CA; Seattle, WA; St. Louis, MO; and Tampa, FL.

How does SSAE 16 certification benefit your business?

Going through an SSAE 16 audit is a rigorous process. Only service organizations that have designed and implemented their controls and processes well and demonstrated operational effectiveness receive an unqualified audit opinion. Such audits are time-consuming and costly.

Businesses that use service organizations that have been audited for SSAE 16 compliance should have a higher level of trust and confidence in that organizations controls and operational capabilities. Additionally, entity’s that are being audited themselves for SSAE 16, Sarbanes-Oxley compliance or similar law or regulation will find it easier to comply with requirements when using an SSAE 16-audited service organization. This will speed compliance and reduce the cost of compliance.

Are 365 Data Centers’ SSAE 16 audit reports available to review?

Yes, 365 Data Center’s SSAE 16 audit report is available to customers and qualified prospective customers and partners upon request. Please contact us for more information or to request a copy of our SSAE 16 report.

View our News Release

View our Confirmation of SSAE 16 Audit Opinion