Welcome!

Virtualization Authors: Carmen Gonzalez, Imran Akbar, Sharon Barkai, Elizabeth White, Liz McMillan

Related Topics: Cloud Expo, Java, SOA & WOA, Virtualization, Security, Big Data Journal, SDN Journal

Cloud Expo: Article

SoftLayer Achieves SOC 2 Certification Across Global Footprint

Company’s 13 data centers meet stringent guidelines for data protection and availability

"SOC 2 exams are rigorous independent assessments, geared toward technology service providers, especially those running data centers," commented Val Stinson, director of compliance for SoftLayer, on the announcement by SoftLayer Technologies that it successfully completed its Service Organization Controls (SOC) 2 Type II examination for the company's 13 data centers, located in the United States, Singapore and the Netherlands

"With our successful completion of testing, we're able to provide our customers with greater insights into our controls, procedures and systems for our entire portfolio of cloud based services," Stinson continued. "To date, approximately 100 customers have requested our SOC 2 Type II report as a part of their compliance efforts."

The examination, conducted by independent accounting and auditing firm Weaver, evaluated the processes, procedures and controls for security and availability at SoftLayer's facilities for the year-ending October 31, 2012.

SOC 2 certification assures SoftLayer customers that the company has effective operational controls and meets audit levels for data protection and availability. Organizations with certification and compliance requirements such as HIPAA and PCI DSS may request and leverage the company's SOC 2 Type II report as part of their compliance strategy.

This certification is also an important step for any Infrastructure-as-a-Service (IaaS) provider that supports outsourced, mission-critical, and information technology services. The audit includes a full assessment of:

  • Security: Data centers are protected against unauthorized access (both physical and logical).
  • Availability: Data centers are available for operation and use as committed or agreed.
  • Processing integrity: Processing is complete, accurate, timely and authorized.
  • Confidentiality: Information designated as confidential is protected as committed or agreed.
  • Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with privacy principles issued by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

A SOC 2 examination is widely recognized, because it represents that a service organization has been through an evaluation of their control activities as they relate to the applicable Trust Services Principles and Criteria. A Type II report not only includes the service organization's system description, but also includes detailed testing of the design and operating effectiveness of the service organization's controls.

More Stories By Elizabeth White

News Desk compiles and publishes breaking news stories, press releases and latest news articles as they happen.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.