Archive for the ‘Jay Atkinson’ Category

« PREVIOUS

Welcome, Josh Darrin!

January 22nd, 2013
Posted by: Jay Atkinson

By Jay Atkinson
AIS Network CEO

If you have seen a new face at AIS Network, be sure to welcome him.  We have added Josh Darrin to our team as Director of Operations.  Josh has been helping us as a contractor on many operational issues as part of network operation initiatives, additional compliances and many important projects that have facilitated our recent growth.  He has been especially helpful in projects related to our new role as a provider of eGov hosting services to the Commonwealth of Virginia, which has required not only technical and network “know how” but also the business experience that helps create new processes, services and policy.

Before AISN, Josh had over 20 years of experience as a technology entrepreneur.  Be sure to check out more on our press release.

We are very excited to have Josh as part of our permanent team and know his business experience and technical expertise will really help us in our growth plan.  Welcome, Josh!

TAGS:

CATEGORIES:

No Comments »

AISN’s Redundant Power and Connectivity Protect Customers From Power Outages in Aftermath of Massive DC Storm

June 30th, 2012
Posted by: admin

By Jay Atkinson
AIS Network CEO

data center reliability

Unplanned outages are costly. Redundant power and connectivity are critical values that managed hosting providers offer.

Can the AIS Network data center reliably maintain data availability when a massive storm hits?  Yes!

Last night, the Washington, DC, metropolitan area suffered a massive, highly destructive storm replete with high winds, thunder, lightning and heavy rains.  This afternoon, more than 1.3 million households and businesses across the area are still without power.  In fact, power company officials are predicting a “multi-day outage.”  All this bad news comes in the middle of a heat wave when weather forecasters are calling for dangerous heat levels and still more storms.  We sympathize with those who are still without power and who have suffered property loss.

Last night’s storm, which crippled many businesses with a primary utility power outage, underscores why it’s tremendously advantageous to host your mission critical data in an SSAE 16 Type II-compliant data center.  Outages are costly.  Customers don’t really care if there was a storm, an earthquake, a rolling blackout or some other issue responsible for an outage.  They  simply expect perfect availability of and connectivity to their data, and that is understandable.

Reliable, redundant power and redundant IP connectivity are two of the most important safeguards that a managed hosting provider can offer its customers, especially when a natural disaster strikes.  Yet, what many hosting providers offer falls short of that.  AIS Network’s Tier III data center in Virginia came through with flying colors and kept our customers’ data up and running.  No hiccups, just solid availability.

Choosing to move your mission critical applications and data from an on-premise hosted environment to a fully managed hosted environment within a secure data center definitely makes good economic sense but it’s also a decision that provides for more reliable protection against power and Internet connection outages.  That’s a critical value proposition.

Managed hosting support systems must be predictably available, and system availability is only as predictable as the availability of power to those systems.  When you host your data in AISN’s data center, you are choosing to add a level of built-in redundancy for failover protection during common and extreme conditions.  AISN facilities are designed for redundancy and high availability of power to our clients’ critical server systems, and high density Internet connections.  Clearly, to build this sort of environment for your data on-premise would be cost-prohibitive.

Some data centers promise redundant/ backup systems, but nonetheless, it’s still very important for a prospective customer to confirm precisely what that promise entails.  In some cases, a physical inspection may be necessary or advisable.  If you’d like to learn more about AISN’s data centers or take a technical tour, please contact us.

TAGS:

CATEGORIES:

5 Comments »

SharePoint Users: Microsoft SQL Server 2012 Solves Common Business Challenges

June 29th, 2012
Posted by: admin

 

By Jay Atkinson
AIS Network CEO

Microsoft SQL Server 2012 is here now.  How much do you know about it?

If you’re using Microsoft SharePoint 2010 or Microsoft SharePoint 2010 for Internet Sites or if you manage big data, then it’s likely that you are familiar with SQL Server.  This newest version of Microsoft’s premier enterprise database management system has numerous new (and quite powerful) features over the previous release, 2008 R2.

In fact, there are so many noteworthy improvements over 2008 R2 that it would take quite a long time to blog about them all.  Rather, let’s just examine how this new version helps you solve some basic business challenges effectively.

Why use SQL Server 2012?  As the foundation to the cloud-ready information platform, SQL Server 2012 will help businesses of all sizes unlock breakthrough insights across the organization as well as build solutions quickly and extend data from server to private or public cloud — all backed by advanced capabilities for mission critical confidence.

Not only does SQL Server 2012 help improve customer management, but it also may help you face a number of common challenges.  Let’s look at five:

SQL Server 2012

But how do you know if you need SQL 2012?  Many organizations are 24×7 operations.  They may have a global presence too.  But they all have one very important quality in common:  they cannot afford downtime.  Does this describe you?  If so, ask yourself some of these questions:

  • How is your current database supporting your needs?
  • Is the performance of your current database where you need it to be?
  • Are you planning a move to the cloud?
  • Do you see yourself introducing new mission critical applications or planning migrations within three months to a year?
  • How are you viewing business insights for your organization?
  • Are you planning any major projects within the next three months to a year?

These are all good discussion points that we’d be happy to help you work through in your effort to discover whether or not SQL Server 2012 would benefit your organization.

Finally, I’d suggest three brief points for consideration:

1)  Mission Critical Confidence. SQL Server 2012 enables mission critical performance and availability at low TCO.  Consider that it offers:

  • A new integrated high availability and disaster recovery solution
  • Advanced performance speeds
  • Built-in encryption capabilities help protect confidential information without changes to the application

2)  Breakthrough Insight. Use SQL Server 2012 to unlock new insights with pervasive data discovery across the organization.  With SQL Server 2012, you can:

  • Empower business users to create visually rich dashboards or reports across heterogeneous data sources
  • Activate managed self-service BI, which easily balances an employee’s need for rich information and collaboration with IT’s need to manage the safety and confidentiality of information

3)  Cloud on Your Terms. SQL Server 2012 is useful in enabling you to create business solutions quickly – on your terms – across servers to private or public clouds. You’ll like that you can:

  • Easily move applications across on-premises and cloud with unlimited virtualization (available through SQL Server 2012 Enterprise Edition) and license mobility
  • Extend data across on-premises and the cloud

Are you aware of the significant improvement Microsoft has made to the licensing model for SQL Server 2012?  We’ll cover that topic in a future blog.

In the meantime, to learn more about how Microsoft SQL Server 2012 can help you stay productive and reduce costs, please just contact our office.  We’re happy to help.

TAGS:

CATEGORIES:

Comments Off

Top 6 Benefits of AIS Network’s Managed Private Cloud

May 3rd, 2012
Posted by: admin

By Jay Atkinson
AIS Network CEO

You want to spend more of your IT dollar on the innovation that your customers expect.  So in order for you to focus on your business, the ratio of what you build out “new” versus what you spend time maintaining and running has to improve measurably.  Plus, you want maximum control over your IT environment with the least hit to your organization’s bottom line.

You’re sure you get every bit of that and more by moving from a traditional deployment to AIS Network’s Managed Private Cloud architecture.  But, how do you persuade the C-Suite to let go of the current environment?

What are the six most compelling benefits for AISN’s Managed Private Cloud?

  1. Security. Industrial strength security and integrity of data are paramount.  AISN’s Managed Private Cloud offers the benefits of cloud technology, but keeps all your data on hardware dedicated to and controlled by you.  Under the umbrella of a security framework that you define, you can best address your customers’ security needs and meet the most stringent of compliance requirements – a big enhancement, when compared with open, more heterogeneous systems.
  2. Compliance. Stringent compliance is a priority.  A key component of any high-level compliance program such as SOX, PCI, HIPAA/HITECH or FISMA is the ability to segregate your data from others.  With AISN’s Managed Private Cloud, you control your own SAN, which eliminates the possibility of database cross pollination.  For PCI compliant solutions, we can easily provide you with your own dedicated firewall.  AISN is SSAE 16 Type II-compliant and our methods are explicitly documented and verified by an independent auditor.
  3. Scalability. Managing growth confidently is critical.  As the pure IT content of your business grows, so does the ability to have a flexible – and essentially infinite – expandable computing base.  With an AISN Managed Private Cloud, you don’t have to purchase and maintain additional hardware.  We manage the technology so that you can focus on business strategy.
  4. Cost. Saving money is smart business.  Deploying an enterprise-scale system in AISN’s Managed Private Cloud can cost significantly less than others would charge you to implement the same system in a public cloud or a hybrid cloud.  And, as you grow, you get the benefits of economies of scale, meaning your per virtual machine cost decreases.
  5. Performance. Speed matters.  Since you’re in your own AISN Managed Private Cloud, you don’t have to share resources with other customers and worry whether another customer’s application failure will impact you. Faster response times and a healthier infrastructure is a good thing.
  6. High Availability. 100% uptime rocks.  AISN’s Managed Private Clouds have both physical and virtual redundancy built in to ensure High Availability.  Our SSAE 16 Type II-certified data centers safeguard your data against natural and man-made disasters, including physical security breaches.  Our rock-solid Service Level Agreement guarantees it.

AISN’s Managed Private Cloud positions you at a competitive advantage by accomplishing your business need to go FASTER – confidently.   For more details, get in touch with us.  We’d love to help.  (Jay Atkinson, jay.atkinson@aisn.net).

TAGS:

CATEGORIES:

No Comments »

Does Third Party Hosting for SharePoint 2010 Make Sense?

April 13th, 2012
Posted by: admin

By Jay Atkinson
AIS Network CEO

“To cloud or not to cloud?” is rapidly emerging as the technical question of the decade.

Industry analyst Gartner, Inc., expects 43 percent of companies to have most of their IT efforts running in the cloud in as little as four years. Due to that expected boom in cloud adoption, Gartner ranks cloud computing as the No. 1 tech priority for chief information officers.

Placing a mission-critical platform into the hands of an independent, third-party hosting services provider can uniquely position that

SharePoint 2010 Cloud

Should you host your SharePoint 2010 in the cloud?

organization to combine some of the best elements of on-premise hosting and Office 365 delivery. For many organizations, SharePoint is mission critical and the decision to shift from on-premise hosting to third-party hosting is not entered into lightly.  However, the benefits of doing so are increasingly appealing.  In comparison to on-premise hosting, third-party hosting offers superior flexibility, greater reliability and a better value.

Why a better value?  Ultimately, if an organization were to attempt to replicate the hosting infrastructure built by a third-party provider, it would become abundantly clear to that organization that outsourcing to a third party provides a much better value.  It is usually cheaper for an organization to host SharePoint on-premise – unless they want to do it right.  Replicating an on-site infrastructure that equals the performance, reliability, scalability, security and compliance environment that “comes standard” with a solid, Microsoft hosting partner’s services would be cost prohibitive.

Here, it is also important to note that for public companies or others that are audited, Sarbanes-Oxley (SOX) also drives the case for outsourced hosting.  SOX identified the Type II SAS 70 report (today’s equivalent is SSAE 16 Type II) as the only acceptable method for a third party to assure a service organization’s controls.  Many reputable hosting companies are SSAE 16 Type II-audited, which means the audit of the hosting company can be incorporated into the audit of the public company.  Relying on the audit performed on a third-party hosting company, at the hosting company’s cost, may be much more cost-effective than ensuring your own facilities and processes are SSAE 16-compliant.

Hosted SharePoint Specialists

Organizations contemplating a SharePoint deployment should recognize that there are applications hosting providers and then there are a handful of hosting providers that specialize in hosting SharePoint.  Many have Microsoft and additional compliance certifications, and that enhanced capability and level of service may be imperative to an organization requiring customized SharePoint hosting configurations, Microsoft-certified talent, and top-grade security and disaster compliance.

The hosting provider’s infrastructure is supported by many clients, thus enabling it to deliver a broad range of services at a substantially lower price (than managing identical services on-premise).

For the customer, there is little upfront capital expense and the monthly payments to the hosting company are predictable operational expenses.  The IT staff is freed up from spending precious resources and time on designing its own hosting solution architecture.  Stressing about managing backups, software licenses, hardware/software upgrades, and patching schedules is all in the hands of seasoned hosting experts who monitor the customer’s SharePoint solution in a disaster-resistant data center.

In addition to cloud hosting services, there are two general types of SharePoint hosting that a third-party provider may offer:

Shared hosting. An organization’s applications and data are deployed on a server that is shared by several other organizations.

Dedicated hosting. An organization either deploys its own servers or the hosting provider deploys servers dedicated for exclusive use by that organization.  Dedicated hosting may be provided by either dedicated physical servers or dedicated virtual servers.

Benefits and Drawbacks of Third-Party Hosting
A SharePoint hosting provider frees up an organization’s entire IT staff to focus on tasks that will help grow their business.  In their Service Level Agreements, most top-tier hosting providers offer disaster-resistant data centers, temperature and access controls, 24x7x365 monitoring and response, excellent connectivity, reliable uptime and availability, managed hardware/software upgrades and maintenance, routine backups and fail-over capability in the event of disaster.

The best providers develop a solid, personalized relationship with each customer, listening carefully to their needs and integrating their team of experts into the organization’s IT staff.

Benefits include the following:

Customization. The hosting provider is capable of configuring highly complex SharePoint installations.

Low upfront costs. Capital outlays are minimized. Outsourced hosting becomes an operational expense.  The hosting provider typically buys and manages the servers and provides the licenses.

Staff. Highly trained hosting experts strive to integrate seamlessly with an organization’s team, thus helping to strengthen the relationship through personalized service.

Security. An organization’s servers are typically highly secured, backed up and sitting in a disaster-resistant data center.  Many providers have SSAE 16 Type II designations as well as other compliance certifications.

Scalable. Spikes in traffic can be sustained without the accompanying worry that the organization’s network will crash.

Drawbacks include the following:

Portability. SharePoint hosting is complex, and organizations must enter into long-term contractual commitments with their hosting provider.  Switching providers in mid-contract, or reverting back to self-hosting, is not easy and the process of migrating data to a new hosting arrangement can be onerous.

Slower deployments. Deploying the physical infrastructure is managed and thus not as turn-key as cloud-based hosting.

In addition to cloud hosting services already addressed by this paper, there are two general types of SharePoint hosting that a third-party provider may offer:

Change management. Changes – either hardware or software – to the SharePoint configuration may require the hosting provider’s review and approval, so organizations must plan in advance.

Flexibility. While third-party hosting may not recreate the level of flexibility associated with on-premise hosting, in most cases, the degree to which an organization loses out on flexibility and control is less than the degree by which it will save on capital outlays.

Just as with on-premise hosting, there is a large emphasis on customization and flexibility in the world of third-party hosting providers.  An organization will have full access to its own SharePoint environment – the way it should be – and any kind of software application that compliments its SharePoint (customer relationship management software, data mining programs, etc.) can be integrated.

Have more questions about hosting SharePoint in the cloud?  Download the “To Cloud or Not to Cloud” whitepaper and/or speak with someone in our office.

TAGS:

CATEGORIES:

12 Comments »

Private SharePoint Cloud: For Large Enterprises, It’s the Way to Go

March 21st, 2012
Posted by: admin

By Jay Atkinson
AIS Network CEO

Just last week, we made a bold statement that has captured quite a bit of attention within the SharePoint community.

We revealed that we are now deploying SharePoint Server 2010 in a single private cloud for less than our competitors are charging for a public or hybrid cloud implementation.  And, we expressed our strong view that enterprise-class Microsoft SharePoint 2010 customers should look only to private cloud environments.  In short, it’s the only way to go based on sheer practicality and bang-for-the buck.

private cloud

Enterprise-class SharePoint Server 2010 is hosted most cost-effectively in a private cloud.

Plain and simple, you want the most control over your SharePoint 2010 environment with the least hit to your organization’s bottom line, and you get every bit of that and more by moving from a traditional deployment to a hosted private cloud architecture.

Currently, hosting providers are steering enterprise-class SharePoint 2010 customers toward public cloud and hybrid cloud hosting models.  Our cost analysis research shows that those deployment approaches are needlessly costing more than they should and the customer sacrifices control at multiple levels.

A private SharePoint cloud is simply more economical and easier to manage for a large organization with security and compliance concerns.  An enterprise SharePoint Server 2010 platform implemented wholly in a private cloud, including the online storage components, exceeds core compliance requirements and surpasses the benefits of a public cloud or hybrid cloud.

With SharePoint 2010 deployed entirely in a private cloud, the customer gets:

  • a hosted environment that is exclusively internal to the organization,
  • complete control of its servers, security, permissions, policies and customization,
  • seamless federation between line-of-business systems and various data sources,
  • quick scalability for system resources, and
  • the ability to move other core applications and platforms to the same private cloud.

Public cloud services like Microsoft Office 365’s SharePoint Online and deployments of SharePoint Server 2010 in a public or hybrid cloud are okay for small to mid-size businesses, but they’re very impractical when it comes to serving the best interests of a large business.

The private SharePoint cloud model is an ideal outsourcing alternative.  Sooner or later, global and large enterprises evaluating SharePoint 2010 deployment platforms are going to realize that an enterprise SharePoint Server 2010 platform implemented solely in a private cloud is, indeed, the only way to go.

Have a different opinion?  I’d love to hear your thoughts below.  Need a free quote on a Private SharePoint Cloud?  Naturally, we’d be happy to help you with that.

 

TAGS:

CATEGORIES:

5 Comments »

SharePoint 15, SharePoint 2012, SharePoint 2013? Whatever. When will it be released?

March 6th, 2012
Posted by: admin

 

By Jay Atkinson
AIS Network CEO

We love SharePoint 2010 but we are still keen to know, “When is the next edition of SharePoint scheduled for release?”

It’s still unknown whether the next edition of SharePoint is destined to be called SharePoint 15, SharePoint 2012, SharePoint 2013 or something entirely different.  I am guessing it will be “SharePoint 2013,” given that the release is planned for much later this year.  The beta will be released this summer, we’re told.  The Microsoft SharePoint Conference 2012 is November 12th-15th in Las Vegas, so releasing SharePoint 2013 then would make complete sense from a marketing standpoint.  But again, nothing has been announced beyond “Q4.”

SharePoint 2013

SharePoint 2010 is something we love but we're still keen to ask when the next release is coming.

What will the new edition include?  Microsoft is mum at the moment and everything is pretty much scuttlebutt right now.  Mary-Jo Foley, who follows Microsoft and writes for ZDNet, indicated in her blog on February 22nd that this next edition of SharePoint will include a new SharePoint Apps Marketplace.  According to her, SharePoint Apps “will support multi-tenant installations so that hosting providers can make available the same set of applications to multiple customers.”  And, “SharePoint 15 gets a new education module/option, making the product more of a head-to-head competitor with Moodle, which is an open-source course-management system.”

There will be a lot of additional activity at Microsoft this year.  Reading Redmond Channel Partner magazine is a great way to keep up with this type of information.  According to the publication, a number of new releases are expected this year.  Here’s a rundown:

SQL Server 2012

Release scheduled: April 1, 2012 (Now Released – updated 4/2/12)

 

Windows 8

Anticipated release: Between Q3 2012 and early 2013 (updated 8/15/12)

 

Windows Server 8

Anticipated release: Between Q3 2012 and early 2013 (updated 8/15/12)

 

System Center 2012

Anticipated release: Early 2012 (Now Released – updated 6/19)

 

Internet Explorer 10

Anticipated release: Between Q3 2012 and early 2013  (updated 8/15/12)

 

“Office 15″ (Codename for Sharepoint 2013/Office 2013)

Anticipated release: Q4 2012 or early 2013

(Download SharePoint Foundation 2013 Preview now. – updated 8/12)

 

Exchange 2013 (code for “Exchange 15″)

Anticipated release: Q4 2012 (updated 8/15/12)

 

Visual Studio 2012

Anticipated release: Q3 2012 (updated 8/15/12)

 

Windows Phone “Tango” and “Apollo”

Anticipated release: Q2 and Q4 2012, respectively (Tango Now Released, and Apollo On Track – updated 8/15/12)

 

Dynamics ERP Online

Anticipated release: September or October 2012 (updated 8/15/12)

 

Office 365

Anticipated update schedule: “Almost weekly” (updated 8/15/12)

 

Windows Azure

Rumored CTP release:  Spring 2012 (updated 8/15/12)

 

What do you think SharePoint 15/SharePoint 2012/SharePoint 2013 will look like?  Share your thoughts with us below.

 

TAGS:

CATEGORIES:

8 Comments »

Demand for Cloud, Partner Program Is Driving Growth at AIS Network

February 8th, 2012
Posted by: admin

Kurt Baumann

In the data center, Kurt Baumann doubled our cloud earlier this month.

By Jay Atkinson
AIS Network CEO

More companies are shifting from on-premise computing to cloud-based services, and that means cloud providers are attaining sales goals earlier than expected.  It’s plain to see why Forrester Research analysts are predicting that the private cloud market will double to more than $15 billion in 2020.

At AIS Network, we’re experiencing a good deal of that momentum too.  Yesterday, we announced that we have doubled the size of our public cloud several months earlier than anticipated.  Last year, we brought on more new customers in one year than in any single year of the company’s 19-year history.  Notably, at AISN, new cloud customers are outpacing more traditional managed hosting customers by three to one.

In large part, I attribute this growth to the great success of the AISN partner program, which we launched last March.  Through the support of our wonderful partners, we’ve added numerous new enterprise-class customers, particularly those needing customized, cloud-based SharePoint, SharePoint for Internet Sites (SharePoint FIS) and high-end SaaS applications.

Thanks to those who refer us and to those who partner with us.  Most especially, thanks to our terrific clients.  We are looking forward to another great year!

 

TAGS:

CATEGORIES:

5 Comments »

Tribute: Remembering Lt. Colonel (Ret.) Randall L. Ford

December 20th, 2011
Posted by: admin

Randall Ford

Lt. Colonel (Ret.) Randall Leon Ford, 1938-2011

By Jay Atkinson
AIS Network CEO

This week, we remember Randall Ford, who succumbed to a lengthy battle with cancer on Sunday.  He believed in the AISN mission and was instrumental in this phase of its growth.  But most importantly, he was an encourager, a mentor, and a friend.

Randall Leon Ford was born in Marmaduke, Arkansas, on December 15, 1938, a son of Roy Ford and Rosie Foster Ford.  He graduated from Pocahontas High School in 1956. He attended Arkansas State University and graduated from University of Mississippi; later, he was commissioned as 2nd Lt. in the U.S. Army in 1961. He returned to Arkansas State University and received a Masters in History while on active duty in 1972.

Randall retired in May 1986 after 24 years of active service – including a tour in Germany, two tours in Vietnam, a tour at NATO Land South in Turkey, and service at several posts in the Military District of Washington.  In 1989, he co-founded StarTech, a security company in Washington, DC, where he continued to work until he sold the company in 2005.  He is survived by his devoted wife, Ann, two sons and a grandson – and innumerable people whom he touched throughout his life.

TAGS:

CATEGORIES:

3 Comments »

SSAE 16 Type II Compliance: The New High Bar for Hosting

November 1st, 2011
Posted by: admin

SSAE 16 Type II

What does it mean to be SSAE 16 Type II-compliant?

By Jay Atkinson
AIS Network CEO

Goodbye, SAS 70.  Hello, SSAE 16.

SSAE 16?  That’s somewhat new terminology among hosting providers and their customers and investors.  SSAE 16 certification has officially replaced the SAS 70 certification process.

This week, AIS Network announces its favorable completion of the SSAE 16 Type II audit, which was conducted by the independent auditing firm, KirkpatrickPrice, LLC.  AISN is now “SSAE 16 Type II compliant.”

So, of what significance to hosting customers is the switch from SAS 70 to SSAE 16?  And, why now?

SAS 70:  A Brief History

For almost 20 years, hosting customers, who were forced to comply with stringent regulatory or auditing standards, actively sought out hosting services providers that had completed SAS 70 (more formally known as the U.S. Statement on Auditing Standards No. 70) infrastructure and internal control examinations by independent auditors.

Until mid-June, SAS 70 was the leading standard for assurance reports for hosting providers and other service organizations.  Customers and investors relied upon independent auditors’ SAS 70 reports to understand what internal controls a hosting provider used and gain confidence that the hosting provider was implementing those controls properly.

But while a SAS 70 auditing report was helpful in providing transparency to customers or investors who needed certain assurances about a hosting provider’s internal controls, the audit itself lacked consistency with international standards.  Moreover, there was no standard or set of criteria for hosting companies to use in defining their internal controls for the purpose of the SAS 70 audit.

SSAE 16:  Setting the Bar Higher

This spring, a new standard took effect for U.S.-based colocation, cloud, managed hosting and other services providers — the Statement on Standards for Attestation Engagements No. 16, the SSAE 16.

Created by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), the SSAE 16 replaces the SAS 70 for periods ending after June 15, 2011.

Why a new standard? Largely, SSAE 16 reflects AICPA’s efforts to converge the U.S. auditing standard with the international standard (not merely regional or national standards), and in the process, set a higher bar by refining the procedures for auditing a service provider’s internal controls.

SSAE 16 mirrors more closely the international audit standard, known as International Auditing and Assurance Standards Board (IAASB) International Standard on Assurance Engagements 3402 (ISAE 3402).  It also levels the playing field for companies by adding a new attestation standard and two more Service Organization Control (SOC) reports, all of which allow independent auditors to audit service providers more consistently – and with a standard set of criteria.  For more details, see AICPA’s discussion of SSAE 16 audits.

As with the SAS 70 audit reports, the SSAE 16 audit reports come in two flavors:  Type I and Type II.  According to the standards put forth by AICPA, Type I reports document the independent auditors’ opinion regarding the design of controls as of a set date. Type II reports go further; they include Type I criteria and audit the effectiveness of the controls over a minimum six-month period.  AISN, for example, has a SSAE 16 Type II report because it provides the highest level of assurance.

So what’s new about the SSAE 16? Like the SAS 70, SSAE 16 still reports on controls related to security, availability, confidentiality, processing integrity and privacy.  However, the primary difference between SAS 70 and the SSAE 16 is that SSAE 16 includes a new attest standard (not a new audit standard), which requires the auditor to include in its report the hosting company management’s written description (“attestation”) of the design and operating effectiveness of the internal controls to be audited and the suitable criteria used for its assessment.  A similar requirement is made of any subservice organization (for example, a data center) involved in the audit.

How will SSAE 16 impact the hosting industry? Most top-tier hosting providers have already implemented internal controls around security, availability, confidentiality, processing integrity and privacy.  They have also likely gone through the SAS 70 auditing process more than a few times.  For them, transitioning to the higher SSAE 16 standard will be painless.  However, the transition may prove more challenging for competitors that may have set less stringent controls during previous SAS 70 audits.

What does this mean for customers or investors with Sarbanes-Oxley Act (SOX) requirements? In a word, accountability.  The fact that a hosting company’s management must now make certain written attestations about their internal controls – and then include those in the independent auditors’ report – further underscores that they must take full responsibility for the controls in operation.

In this way, SSAE 16 is better aligned with SOX, which primarily impacts publicly traded companies and those who service them.  SOX mandates that a publicly traded company’s management team be held accountable for the veracity and completeness of its financial report attestations.  To achieve this, the company must have quality internal controls in place.

By using an SSAE 16-compliant hosting provider, the company is assured that the hosting company, which is more than likely hosting their mission-critical data, also maintains the same level of accountability.  The independent auditor’s SSAE 16 report essentially saves the SOX-affected customer the trouble of auditing the hosting company’s critical internal controls for SOX compliance.

What is the future of SSAE 16? We at AISN applaud the transition from SAS 70 to SSAE 16.  It represents a more meaningful audit standard that:

  • achieves parity with international standards and helps us better meet our international customers’ needs,
  • enhances our ability to provide customers with assurances about our internal controls, and
  • sets higher the bar for accountability and professionalism within our industry.

Be sure to check out AISN’s SSAE 16 Type II certification statement.  If you have any questions, we’d love to hear from you.  Contact us!

TAGS:

CATEGORIES:

5 Comments »

« Older Entries