SSAE 16 COMPLIANCE
Volico has successfully completed SSAE16, SOC 2 Type II, and NIST audits compliant.
Volico is a dynamic company who operates enterprise quality data centers, designed for mission-critical colocation, managed hosting and cloud computing services. We provide usable SSAE16, SOC 2 Type II (Formerly SAS 70) audit and work with clients on their compliance requirements to ensure they receive the best value.
We offers fully managed compliant infrastructures that exceed industry and regulatory standards. Whether you are in the healthcare, retail, or financial services industries, our hands-on approach is instrumental in creating a customized solution to meet your demanding business needs.
SSAE 16 IS DIVIDED INTO THREE TYPES OF SERVICE ORGANIZATION CONTROLS:
SSAE 16 (SOC 1) TYPE II
Volico is SSAE16 and SAS70 Type II certified offers fully compliant hosting allowing our clients to fulfill the requirements of SSAE16 internal audits as well as SAS70 Type II audits. While “SAS 70″ has been the dominant in-depth audit of a third-party service organizations over the last many years, the original Statement on Auditing Standards (SAS) No. 70 is actually one of many periodic statements issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA).
This certification confirms Volico’s controls are designed effectively, described accurately, and are in operation. To achieve SAS 70 Type II status, the auditor also certifies the controls have operated effectively over a period of time beyond the initial audit date.
SOC 2 & SOC 3
SOC 2 confirms clients we use systems to protect their data. It audits security, availability, process integrity, privacy and confidentiality in your data hosting environment. SOC 2 hosting assures your service provider has all of the best internal practices in the right place. SOC 2 is a rigorous audit that is challenging for services organizations. SOC 2 measures and reports on a service organizations controls. SOC 2 reports on controls independent of an SSAE 16 (SOC 1) audit, and refers to controls specifically related to IT/data center service providers. The SOC 2 report affects companies that host or store large amounts of data, particularly data centers. A SOC 2 Report focuses on controls, called Trust Services Principles, related to security, availability, confidentiality, processing integrity and privacy—validating that the system is protected against unauthorized physical and logical access, for example.
SOC 3 – While the SOC 2 is a confidential report, the SOC 3 report is publicly available. The SOC 3 report contains the auditor’s letter and summary opinion on the effectiveness of data center controls, A management attestation letter, and system description of the services provided and under the scope of the audit. While all of the necessary certifications can be found in the report, it is less detailed and technical than a SOC 2 report that lists all of the tests performed by an independent auditor and test results. Online Tech’s hosting solutions have been audited to prove certified SOC 3 hosting.
SOC 3 is a summary Trust Services Report that documents assurances on Latisys’ controls related to the Security principle but without the detailed description of tests and results contained in SOC 2. SOC 3 hosting delivers an auditor’s opinion of SOC 2 components with the additional seal of approval needed to ensure you are hosting with an audited and fully-compliant data center. A SOC 3 report is a general use report that can be distributed publicly by anyone to demonstrate that proper controls are in place within the data center system and design.
Questions about SOX compliant hosting? Contact us for answers.
SSAE 16 Compliance
Schedule a time to meet with one of our compliance department experts.