Comment Re:These are NOT Certifications! (Score 1) 84
Well said DaCurryman! Data centers have adopted SAS 70 and SSAE 16 as a certification of good security and availability practices, however, that was never the intent. The reason we had "SAS 70 Certified" data centers and we now have "SSAE 16 Certified" data centers is because the customer is always right. The chain of demand for SAS 70 began with financial statement auditors that needed a vehicle to understand the controls at service organizations. Sarbanes Oxley fundamentally changed the requirements for financial statement audits. The auditors now had to have an understanding of the controls that were in place over financial reporting. That included IT general controls like physical and environmental controls that most data centers provide. Rather than send a team of auditors to examine the physical and environmental controls at a third party data center, the audit firm asked the data center to provide a SAS 70 report. Pretty soon, the marketing people said "Hey, we can get more customers if we say we are "SAS 70 Certified" and since SSAE 16 was officially introduced as the replacement for SAS 70, you now have those same marketing people claiming SSAE 16 Certified.