Why Being SAS 70 Type II Compliant is Important for a Data Center
You have probably noticed in the WestHost data specs that all managed and unmanaged dedicated servers are housed in Tier 3, SAS 70 Type II compliant data centers. But, why should this be important when you are shopping around for an affordable web hosting company?
Since hosting providers are the keepers of your data, files, and information, it’s critical they demonstrate clear measures to protect and safeguard these assets. The SAS classification is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
“In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting,” said SAS 70, the caretakers of the accreditation.
A service auditor’s report also helps a service organization build trust with its user organizations (i.e., customers) that know the accreditation is regulated and tightly managed.
A SAS 70 audit is thus an auditing standard that evaluates and issues opinions on the hosting providers controls. It is not, however, a pre-determined set of standards that a service organization must meet to ‘pass.’ In this case, providers may pursue an ISO standard that addresses quality management systems within an organization.
As a potential customer you are entitled to confirm the hosting provider is SAS audited and even request that they do so, if they have been not previously been audited. They have the right to refuse this request, but generally an audit shows a high level of faith in their broad infrastructure.
According to SAS, if a service organization provides transaction processing, data hosting, IT infrastructure or other data processing services to the user organization, the user auditor may need to gain an understanding of the controls at the service organization in order to properly plan the audit and evaluate control risk.
Compliance with SAS 70 Type II is thus a good indicated that the data center has taken a vital step in securing your data and information hosted on shared, dedicated and cloud server platforms. Also ask about their carrier network suppliers, which forms part of the Internet backbone that pipes bandwidth in and out of a data center.