SSAE 16 Type II Audit
Request a Quote
For the second year in a row Adhost successfully completed a Statement for Attestation Engagements No. 16 (SSAE 16) Type II audit. In previous years, Adhost passed SAS 70 audits, and last year the American Institute of Certified Public Accounts (AICPA) replaced the SAS 70 with the SSAE 16.
An independent service auditor examined the policies, procedures and business processes in place at Adhost from July 16, 2011 - July 15, 2012. The auditors spent a week inspecting our facility, learning about our procedures and interviewing Adhost management.
The following controls related to the colocation services provided in our Seattle data centers were audited:
Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal controls, providing discipline and structure. This includes:
- Integrity and Ethical Values
- Board of Directors
- Commitment of Competence
- Management’s Philosophy and Operating Style
- Organization Structure
- Assignment of Authority and Responsibility
- Human Resource Policies and Practices
Physical Security: Control activities provide reasonable assurance that business premises and information systems are protected from unauthorized access, damage and interference. This includes:
- General security
- General physical security multi-tenant building (Fisher Plaza East and West)
- Data center (Adhost East and West)
Environmental Security: Control activities provide reasonable assurance that critical information technology infrastructure is protected from certain environmental threats. This includes:
- Multi-tenant facility (Fisher Plaza East and West)
- Data center (Adhost East and West)
Availability: Control activities provide reasonable assurance that the colocation facility is available and accessible to Adhost customers
- Operations: Control activities provide reasonable assurance that the Operations department identifies and resolves problems affecting the colocation facility or customers in a timely manner.
The examination was performed in accordance with standards established by the American Institute of Certified Public Accountants. Existing Adhost clients, as well as potential clients, can request a copy of the SSAE 16 audit report by emailing firstname.lastname@example.org.
Why is SSAE 16 important to our clients?
Passing the SSAE 16 audit benefits Adhost as well as our colocation and dedicated server clients. Many of our clients are institutional organizations and publicly traded companies who must comply with security requirements such as Sarbanex-Oxley. Those clients can use the audit report for their specific security requirements. Benefits include:
- Satisfies many requirements for Sarbanes-Oxley
- Helpful sales tool for our clients to use for their customers
- Useful for start-ups looking for venture capital, which often has security requirements
What is SSAE 16?
In 1992 the AICPA developed a set of guidelines for evaluating service organizations known as the SAS 70. The SSAE 16 is an enhancement to the SAS70 and went into effect June 2011. The changes made to the standard will bring US companies up to date with new international service organization reporting standards, the ISAE 3402.
A SSAE 16 report, also known as a SOC 1 (Service Organization Control) report, is beneficial to both the service organization and its clients because it demonstrates that the service organization has implemented effective control objects and activities. The SSAE 16 report can aid the service organization's clients in completing their own financial audits.
In the hosting and colocation industries, the SSAE 16 report is important for companies who are relying more and more on outsourced hosting and colocation services. The SSAE 16 report allows hosters and data centers to complete one report that all of their clients can use.