Compliance in Cloud Computing: Navisite Once Again Achieves SSAE 16 SOC 1 Compliance
Like the many organizations we support with managed cloud solutions, Navisite is also subject to stringent standards and compliance regulations.
Today, I’m pleased to share Navisite has completed its annual Statement on Standards for Attestation Engagements (SSAE) No. 16 Service Organization Control (SOC) 1 compliance for its cloud-enabled data centres in Andover, MA and Santa Clara, CA. SSAE 16 compliance also extends to managed services and managed cloud services in these two flagship data centres, as well as managed cloud services in Navisite’s Syracuse, NY and London, UK data centres. Maintaining our SSAE 16 compliance gives assurance to our enterprise clients that we are providing a resilient, high-performance environment for hosting their most critical business applications and data.
To deliver superior service to clients, cloud computing providers like Navisite must ensure they are reviewing all capabilities on a regular basis and making any changes or updates to meet the criteria set by the industry.
Navisite’s controls were created and built on a foundation of the Information Technology Infrastructure Library (ITIL) best practices in information technology and security. As an SSAE 16 SOC 1-compliant company, we continue to focus on our commitment to providing clients with the highest standards in processes, controls and procedures.
As are many regulations, the SSAE 16 SOC 1 is multifaceted and technical in nature. So, what does SSAE 16 SOC 1 Compliance mean? Here are the facts:
- A SOC 1 Report (Service Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SOC1 Report is what you would have previously considered to be the standard SAS70, complete with a Type I and Type II reports, but falls under the SSAE 16 guidance (and soon to be SSAE 18).
- SSAE 16 SOC 1 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
- It supersedes the SAS 70 audit standard and is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for management to obtain assertions about service organization internal controls without conducting separate assessments.
- SSAE 16 is based on the International Auditing and Assurance Standards Board's (IAASB) International Standard on Assurance Engagements (ISAE) 3402, Assurance Reports on Controls at a Service Organization.
- A SSAE 16 SOC 1 audit is widely recognized because it represents that a service organization has been through an in-depth audit of its control activities.
SSAE verifies controls and processes within the data centre, as well as requires a written statement regarding the design and operating effectiveness of the controls being reviewed. In short, it creates a benchmark for data centre excellence. The systems and processes evaluated in this audit include:
- Change management
- Problem management
- Backup controls
- Physical and environmental safeguards
- Logical access
From there, the SSAE 16 audit will result in a Service Organization Control (SOC) 1 report. This report focuses on internal controls over financial reporting to determine accuracy and completeness of the data centre management’s design of controls, system and/or service.
We regularly evaluate and audit our systems, services and personnel, so clients can be sure we are meeting the highest standards for processes, controls and procedures that ensure safety in their cloud environment. By meeting the SSAE 16 standard, clients can rely on the SOC report as part of their own internal controls and compliance.
We’re pleased to have completed the SSAE 16 program—a great benefit to our managed services clients, including our array of cloud services. As our clients continue along their cloud journey, we look forward to serving as a guide and trusted partner by ensuring we are both meeting and exceeding industry standards.
Want to get weekly updates and insights from Navisite? Subscribe to our blog by entering your email address into the form in the right side of this page and receive a weekly roundup in your inbox every Friday.