skip to Main Content

Enter the Jargon: SSAE 16, SOC and Types

KC-Data-Center-HeaderReliable technology services start with a reliable infrastructure. Whether your company needs business applications to run your day-to-day operations, backup capabilities for your critical data or security features to meet your next audit, you want to be sure the data center that serves you can meet those needs. NetStandard’s data center is SSAE 16 Type II attested, but what does that mean for your business?  


Let’s start at the beginning: What is SSAE 16, anyway? According to, an online resource center, “SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization, the SAS70.” The change from SAS 70 to SSAE 16 standards are designed to bring companies in the U.S. up-to-date with new international service organization reporting standards, thus helping technology companies attract business from around the world by providing a more uniform data security standard.


What is SSAE 16 Type II? SSAE 16 Type II, sometimes referred to as a SOC 1 Type II report, is an independent auditor’s report expressing an opinion on the design and operating effectiveness of internal controls that impact financial statements throughout a six-month period of time.


What is SOC I Report? SOC 1 is a Service Organization Control 1 Report on controls at a service organization that are relevant to that service provider’s internal control over financial reporting. The SOC 1 Report was previously considered the standard SAS70, complete with Type I and Type II reports, and now falls under the SSAE 16 guidance.


Why Should I Look for a Technology Company with an SSAE 16 Type II Review Performed?

    • The SSAE 16, SOC 1 report is designed to give company management assurance of sound internal control practices of your technology services provider. Whether your company is public or private, you want to be sure that your critical data is secure. A tech company’s clean Type II Report can provide this assurance.
    • Publicly held companies reserve the right to audit their service providers, and many companies will request an SSAE 16 report from their technology service provider. This gives investors the assurance that your technology service provider has the proper controls over company data not handled internally by your company.
    • Tech companies who have undergone an SSAE 16 Type II review have the benefit of third-party reviews of their internal audits, thus ensuring that your data is being handled by professionals whose performance is monitored and stringent.


What Does an SSAE 16 Data Center Offer?   An SSAE 16 Data Center will:

    • Maintain sufficient data and power redundancy
    • Maintain appropriate physical security controls (Man Trap, security guards, biometric scanning, video cameras, etc.)
    • Monitor for excessive temperature fluctuations
    • Review alerts on a timely basis
    • Have proper fire/water detection and protection


If your business is subject to SOX, FDIC, PCI or HIPAA regulators and examinations then your data center should be SSAE 16 attested.   Wondering if your data is safe? Call today to find out.

Leave a Reply

Back To Top