So you’re in the market for colocation, dedicated server solutions, or Cloud VPS services. Part of your investment is in the company you choose to handle and manage your web hosting service; another part is in the data center your hosting company operates out of.
This means that, before signing on the dotted line, you should understand the tier of data center your colocation or dedicated server company operates out of, and whether that data center is SAS 70 Type II certified.
While we have covered the differences between data centers extensively in this space, we have not covered what SAS 70 hosting is or what the SAS 70 data center colocation requirements are. We will do that now.
What is SAS 70?
SAS 70, or the Statement on Auditing Standards, is the document and set of procedural rules that determine the standards under which a data center can operate. First put forward by the AICPA, SAS 70 is the set of guidelines that determine how a data center can operate and, more specifically, how the hosting body in control of the outsourced need can operate.
SAS 70 Types
SAS 70 hosting and AICPA requirements come in two types – Type 1 and Type 2. SAS 70 Type 1 data center requirements cover the following:
- Independent service auditor’s report
- The service organization’s description of implemented controls
SAS 70 Type 2 data center requirements cover the following:
- All points concerning SAS 70 Type 1
- All information supplied by the independent service auditor. This information will include descriptions of the tests performed to show service effectiveness, along with the results of those tests.
- Additional information supplied by the hosting service organization.
In plain English, SAS 70 Type 1 aims to test the overall legitimacy of the service controls which guarantee that the hosting company or third-party host is successfully completing and providing the objectives it states.
Likewise, SAS 70 Type 2 evaluates everything SAS 70 Type 1 does; however, the audit practice deploys an independent, confirmed CPA to make sure the Type 1 report was up to snuff and to evaluate the security practices of the hosting company. This evaluation includes stored data on the network.
Who Does SAS 70 Affect?
SAS 70 requirements, both Type 1 and Type 2, weigh on third-party outsourcing companies. These parties could be outsourced payroll firms, data center hosting companies, SaaS providers, PaaS providers, etc. Essentially, although in this article we are using SAS 70 to refer to data center providers, SAS 70 impacts any third-party outsourcing firm which sells its services on the open market.
Data Center SAS 70 Checklist
SAS 70 data center colocation providers must meet the following criteria to be considered SAS 70 compliant.
- Physical Security: The facility must be constructed to maintain physical protection of the solutions held within.
- Grounds Security: Protection of the grounds. All SAS 70 compliant data centers must be built to keep the public out. This is done with high-level gating, high-level security, battering rams, high walls, etc.
- Secure Glass: High-level resistant glass. All SAS 70 compliant data centers must utilize high-level resistant glass throughout the DC. This means bulletproof glass.
- On-Site Security: All SAS 70 compliant data centers must have working security cameras, alarms, stringent visitor security protocols, 24/7/365 on-site security, and data protection measures like paper shredding and document destruction.
It should be noted that there are additional features of a SAS 70 compliant data center facility. These are just a few.