SOC 1 / SSAE 16
SOC 1 / SSAE 16 reports “are specifically intended to meet the needs of the entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user’ auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.”
SOC 2 reports “are intended to meet the needs of a broad range of users that need information and assurance about the controls at a service organization that affect the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”
SOC 3 reports “meet the needs of users who need assurance about the controls at a service organization that affect the security, availability, and processing integrity of the systems used by a service organization to process users’ information, and the confidentiality, or privacy of that information, but do not have the need for or the knowledge necessary to make effective use of a SOC 2 Report.”
- Jason Lannen, CISA, CISM
- Jason Lannen is the Managing Director of TurnKey IT Solutions, LLC. Experienced IT Auditor and Consultant focusing on SOX 404, SOC 1 / SSAE 16 (formerly SAS 70), SOC 2, PCI, ISO 27000, Information Security and Data Analysis. Check out our website at http://www.turnkeyit.net and email us at firstname.lastname@example.org for more information.
Sunday, January 22, 2012
Wednesday, November 4, 2009
"One day, while uploading yet another text file to the Google Docs Web site, I started to wonder: When I save this file online, where does it actually go?"
The buzz about Cloud Computing (aka The Cloud) – an exciting new technology, but are IT risks being properly managed?
Does your organization outsource IT services and data to 3rd party providers? Do you access those IT services via web browser? Do you mange your personal contacts via Google, LinkedIn, Facebook or other online applications? If you answered ‘yes’ to any of these questions, your information and data is being managed in ‘The Cloud’.
Outsourcing information and data to outside service providers in The Cloud is nothing new, but has become more commonplace and accepted with the creation, reliability and security of web technologies that support our computing needs outside of the traditional IT structure. It has become a hot topic of discussion among IT professionals as well as everyday home computer users.
Companies and individual users in society are realizing the benefits of The Cloud – outsourcing their management of computing systems, infrastructure and data to applications on the internet. This has presented opportunities for improving IT performance, increasing storage capacity, streamlining business processes and reducing IT costs. No doubt, The Cloud will revolutionize the way we manage IT systems, protect and store data, as well as do business and manage our lives personally. However, this technology has also presented a new set of risks and challenges from information protection to data integrity to regulatory compliance and governance of IT.
What are organizations doing to address these risks as well as others? What are you doing in your personal life to make sure your information is backed up and protected?