NetSource completes its SSAE16 audit for 2016
What is audited? How to get the report? Why it’s important?
There are actually two audits, SSAE16 SOC1 and SOC2, that NetSource completes each calendar year. These audits cover a huge range of tests to ensure NetSource’s datacenter meets a high standard of quality and compliance. SSAE16/SOC1 has 242 audit tests and SOC2 has 288 audit tests. The tests cover a wide range of company operations including financial, administration, and technical areas. The SOC2 audit focuses on reliability and security standards at a datacenter. The auditor performs the testing over a period of about 3 months; usually April through June. NetSource received the final report near the end of August this year. When the auditor performs a test they may check everything or pick samples from larger data sets to ensure quality compliance. The auditor requests very specific information taken from records covering the past year. The auditor will pick the samples and dates at random so that they ensure policies are being followed.
Here is just a sampling of some of the key tests that the auditor does:
- Network architecture for security and reliability
- Failure recovery procedures
- Change management systems in place
- Customer data backups verified daily
- Periodic verification of every customer dedicated server RAID status
- A total of 75 scheduled maintenance tasks on practically everything, CRACs, Generator, network, UPS, fire detection and protection, …
- Constant real time monitoring and alerting of servers, network, power, and cooling
- Physical security checks including visitor logs, intrusion detection, video and door locks
- Every backbone component and key secure networks externally and internally scanned quarterly for security vulnerabilities, including customer networks that purchased the service
- Verification of PCI compliance
- Verification of staff training and codes of conduct
- Verification of management processes and competence
- Protection of customer information, encryption and storage
There are hundreds of checks like the ones above which are performed at NetSource each year. Remember, every check must have a log or record to show proof to the auditor that compliance is being met.
How Do You Get Our Report?
Contact your account manager at NetSource and ask for NetSource’s SSAE16 Type 2, SOC1, SOC2 audit. We will always send you the most recent audit. You will be required to sign a non-disclosure agreement before we can send you the official audit in .PDF format. Once the NDA is signed and sent back we will send you out an official SSAE16 document for review.
Why Is This Audit Important To Our Clients?
Many of NetSource’s clients have special certifications they are required to meet (ie. HIPAA, PCI, Etc.). Since they host at NetSource’s datacenter they may require proof that the facility meets a certain level of standards covered in the SSAE16 report. This report will ensure their own clients that they have selected a quality datacenter that is following industry standards. Many of NetSource’s clients will provide the NetSource SSAE16 report to their auditors to help complete their own internal audits. It should be noted that NetSource’s SSAE16 compliance does not make our client’s SSAE16 compliant, but it does help them achieve their own compliance faster in most cases.
If you want more information about NetSource SSAE16 Type 2, SOC1, SOC2 audit please contact us at 630-778-1212 and ask for an account manager. Thank you.