|By Elizabeth White||
|March 1, 2013 08:00 AM EST||
"SOC 2 exams are rigorous independent assessments, geared toward technology service providers, especially those running data centers," commented Val Stinson, director of compliance for SoftLayer, on the announcement by SoftLayer Technologies that it successfully completed its Service Organization Controls (SOC) 2 Type II examination for the company's 13 data centers, located in the United States, Singapore and the Netherlands
"With our successful completion of testing, we're able to provide our customers with greater insights into our controls, procedures and systems for our entire portfolio of cloud based services," Stinson continued. "To date, approximately 100 customers have requested our SOC 2 Type II report as a part of their compliance efforts."
The examination, conducted by independent accounting and auditing firm Weaver, evaluated the processes, procedures and controls for security and availability at SoftLayer's facilities for the year-ending October 31, 2012.
SOC 2 certification assures SoftLayer customers that the company has effective operational controls and meets audit levels for data protection and availability. Organizations with certification and compliance requirements such as HIPAA and PCI DSS may request and leverage the company's SOC 2 Type II report as part of their compliance strategy.
This certification is also an important step for any Infrastructure-as-a-Service (IaaS) provider that supports outsourced, mission-critical, and information technology services. The audit includes a full assessment of:
- Security: Data centers are protected against unauthorized access (both physical and logical).
- Availability: Data centers are available for operation and use as committed or agreed.
- Processing integrity: Processing is complete, accurate, timely and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with privacy principles issued by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
A SOC 2 examination is widely recognized, because it represents that a service organization has been through an evaluation of their control activities as they relate to the applicable Trust Services Principles and Criteria. A Type II report not only includes the service organization's system description, but also includes detailed testing of the design and operating effectiveness of the service organization's controls.
Oct. 22, 2014 10:15 PM EDT Reads: 784
Oct. 22, 2014 10:15 PM EDT Reads: 941
Oct. 22, 2014 10:00 PM EDT Reads: 960
Oct. 22, 2014 09:00 PM EDT Reads: 815
Oct. 22, 2014 08:30 PM EDT Reads: 1,008
Oct. 22, 2014 07:45 PM EDT Reads: 833
Oct. 22, 2014 07:30 PM EDT Reads: 844
Oct. 22, 2014 07:15 PM EDT Reads: 847
Oct. 22, 2014 03:45 PM EDT Reads: 932
Oct. 22, 2014 03:45 PM EDT Reads: 1,128
Oct. 22, 2014 02:45 PM EDT Reads: 907
Oct. 22, 2014 01:15 PM EDT Reads: 1,349
Oct. 21, 2014 08:30 PM EDT Reads: 1,461
Oct. 21, 2014 06:00 PM EDT Reads: 1,319
Oct. 21, 2014 05:15 PM EDT Reads: 1,329
Oct. 21, 2014 09:00 AM EDT Reads: 1,586
Oct. 20, 2014 11:45 PM EDT Reads: 1,308
Oct. 20, 2014 11:15 PM EDT Reads: 1,733
Oct. 20, 2014 09:45 PM EDT Reads: 1,306
Oct. 20, 2014 07:00 PM EDT Reads: 2,003