Data centers are generally defined as a group of networked computer servers typically used by organizations for the remote storage, processing, or distribution of large amounts of data. If purchasing or owning your own data center is not advantageous, colocation can be a valuable option. Data centers that offer colocation services sell customers on a wide range of benefits. Just a few of those key benefits include:
- Risk mitigation
- Connectivity and speed of delivery
- Cost savings
A data centers’ impact on their customer’s control environment is often vastly underestimated. When companies have outsourced their data center they’ve become reliant upon the controls at the data center. Just as important as the benefits noted above are the control procedures around physical security, environmental protections, logical security and operational controls.
Choosing a Data Center
To gain transparency around a data center’s control environment, the data center should provide a copy of their Service Organization Controls Report (SOC Report) to customers. The SOC Report is based on an examination by an independent CPA firm under standards developed by the AICPA. By undertaking a SOC examination, the data center validates their commitment to control governance and achievement of control standards. The SOC Report provides an opinion on the:
- Fairness of the service organization’s system
- Controls were suitably designed to provide reasonable assurance that the control objectives would be achieved
- Operational effectiveness of the controls
Engaging a CPA firm to perform an examination of the controls around the data center provides the following benefits to the data center:
- Allows for clear articulation about the company, the system and the control environment
- Increased trust and transparency with customers
- Competitive advantage in the marketplace
- Deliverable that can be provided to customers to avoid accommodating various customer audits
- Value added improvements to the control environment as a result of the independent audit
In today’s marketplace, accountability, complete representation and transparency is becoming increasingly important to customers. External auditors and other regulators rely on the SOC Reports to understand their clients internal control structure. As a result, SOC Reports are becoming standard requests in contract negotiations.
Barnes Dennig helps data centers and other service organizations across multiple industries with their information systems risk management. This includes Service Organization Controls, IT audits, PCI-DSS, HIPAA and OCC third-party vendor management. Contact Bryan Gayhart via email, or by calling (513) 241-8313.