DBSi Data Centers Successfully Complete Type II SOC 2 and SOC 3 Examinations
DBSi, a provider of data center, cloud computing, disaster recovery and managed services in the Northeast, has obtained the SysTrust for Service Organizations Seal, also known as a SOC 3 Report. ParenteBeard, a top ranked U.S. accounting firm and independent member of the of Baker Tilly International network, recently completed a Service Organization Controls (SOC) examination of DBSi’s data centers in accordance with AT 101 standards following The American Institute of Certified Public Accountants (AICPA) Trust Services Principles and controls over security and availability.
Previous annual audits for DBSi resulted in traditional SAS 70 Type II reports (now known as a SOC 1 report) which follows the AICPA’s Statement on Standards for Attestation Engagements Number 16 (SSAE 16). The change from SAS 70 to SOC Reports was primarily designed to align with international accounting standards and provide more transparent and appropriate reporting options for service organizations. The new change also provides options for companies like DBSi who require assurance reporting as part of their service offering for their customers. SOC 2 and SOC 3 provide much more stringent audit requirements than the former SAS 70 - with a stronger set of controls and requirements specifically designed around data center service organizations.
“DBSi has hundreds of clients representing multiple and unrelated disciplines, each subject to an array of recommended best-practices, certification entities and/or regulatory bodies. The successful completion of the SOC 2 and 3 examinations validates our commitment to processes and standards that enable us to maintain the quality and security controls that our clients require. This is especially true for our clients in highly-regulated industries such as healthcare, pharmaceutical and financial markets”, explains DBSi’s COO, Robert Hicks.
SOC 2 and SOC 3 are welcome standards to the data center industry. The former SAS 70 audits didn’t provide a minimum bar for data centers to achieve; they simply verified that the controls and processes in place were followed. Translation? A data center provider with strong controls could claim the same level of audit as one with weak controls.
“SOC 2 addresses the same operational components as the prior SAS 70 audit, but now provides standard benchmarks for comparing data center service providers and allows for a side-by-side, apples-to-apples Report comparison,” Hicks said. “DBSi has always had stringent controls and processes in place; the SysTrust Seal for SOC 2 and 3 compliancy assures our clients that we meet the highest level of data center standards available today.”
DBSi’s SOC 2 report is available, via DBSi’s Client Portal or upon direct request, to existing DBSi clients and prospective clients who have entered into a Confidentiality and Non-Disclosure Agreement with DBSi. SOC 3 reports provide the same level of assurance about controls as a SOC 2 report, but the report is intended for general release. DBSi’s 2011 SOC 3 audit results are currently available for review on the company’s website.