June: A View from the Data Center Floor
In today’s highly regulated business environment, companies are increasingly required to meet new compliance requirements. And with new high-profile security breaches announced seemingly every week, these regulations aren’t likely to go away anytime soon. To help our customers meet their compliance requirements, Immedion recently announced the completion of our SOC 2 Type II audit under the guidelines set forth by the American Institute of Certified Public Accountants (AICPA). The AICPA’s Service Organization Controls, also known as SOC, consist of a series of standards designed to gauge how well a service organization controls its information. These rigorous standards are verified by an independent third-party auditing firm and are often recognized as an acceptable means of guaranteeing a service organization’s internal controls.
It’s important to note that not all SOC audits are created equal. The SOC reporting framework is divided into three reports – SOC 1, SOC 2 and SOC 3. SOC 1, also referred to as SSAE 16, assesses and tests a company’s internal controls, particularly over financial reporting, and affirms that criteria regarding best business practices must be met to pass an audit. SOC 2 is a comprehensive audit that not only assesses and tests a company’s infrastructure, software, people, procedures and data controls, but does so against Trust Service Principles and Criteria established by the AICPA. As it was the SOC report most directly related to its predecessor SAS 70, SOC 1 was the industry standard for most service providers. However, many companies are migrating to SOC 2 because it concentrates on areas more relevant to the IT industry such as security and availability. SOC 3 focuses on the same Trust Service Principles as SOC 2, but it lacks a description of the organization’s tests and results and does not include a description of the system as SOC 2 does, and as such is primarily a report for marketing purposes.
Immedion’s SOC 2 Type II audit examined the suitability of design and operating effectiveness of our controls based on the Trust Service Principles (TSP) and Criteria for Security and Availability because these two principles are most relevant to our mission of keeping our customers’ data and applications always on and always secure. Adhering to the Security and Availability TSPs means a company can demonstrate it has the necessary controls in place to protect against unauthorized access, physical or logical, and is capable of proving its systems are available for operation and use as committed or agreed. SOC 2 Type II compliance gives many customers peace of mind in knowing we have the necessary controls and best practices in place to safeguard their data and ensure its availability.