Compliance isn’t just a checkbox on a piece of paper to ServerCentral. From old hardware disposal to protecting vital assets and systems, security and compliance are at the core of everything we do.
We first covered our commitment to compliance when Daniel Brosk, our COO, blogged about the changes the SSAE-16 SOC 1 brought from our older SAS 70 report. Now, we have another exciting new announcement about our commitment to security and compliance:
For the audit period ending June 30, 2014, ServerCentral migrated our compliance program from the SSAE-16 SOC 1 standard to the more-secure AT-101 SOC 2.
With the help of our auditors, we adopted the very stringent policies required by the Trust Service Principles (TSPs), which are dictated by the American Institute of CPAs (AICPA). These TSPs are considered the highest level of security and safety available to a data center or managed service provider, which is why ServerCentral has embraced them fully throughout every level of our organization.
Unlike the SSAE-16 SOC 1 reporting standard, the AT-101 SOC 2 has a consistent, standard set of items to test and report for our auditors.
The SOC 1 allows a data center or service provider to choose their own rules, pick their own security standards, and to hide gaping weaknesses in their program by simply not including a control covering that weakness.
The SOC 2 has leveled the playing field, forcing all providers to use the same advanced security controls to protect your data and your systems.
ServerCentral believes in holding ourselves to the highest standard when it comes to handling, securing, and managing sensitive data and systems. While other providers might continue to use the weaker SSAE-16 SOC 1 standard, we will continue to adopt more of the TSPs during this audit period until we have implemented the full suite of controls laid out by the AT-101 standard.
If you’re a customer, you can find a copy of our SOC 2 report in the customer portal. If you’re a prospective client, please contact us here.