– Val Stinson, Director of compliance, SoftLayer
SoftLayer Technologies today announced that it successfully completed its Service Organization Controls (SOC) 2 Type II examination for the company’s 13 data centers, located in the United States, Singapore and the Netherlands. The examination, conducted by independent accounting and auditing firm Weaver,evaluated the processes, procedures and controls for security and availability at SoftLayer’s facilities for the year-ending October 31, 2012.
SOC 2 certification assures SoftLayer customers that the company has effective operational controls and meets audit levels for data protection and availability. Organizations with certification and compliance requirements such as HIPAA and PCI DSS may request and leverage the company’s SOC 2 Type II report as part of their compliance strategy.
“SOC 2 exams are rigorous independent assessments, geared toward technology service providers, especially those running data centers,” said Val Stinson, director of compliance for SoftLayer. “With our successful completion of testing, we’re able to provide our customers with greater insights into our controls, procedures and systems for our entire portfolio of cloud based services. To date, approximately 100 customers have requested our SOC 2 Type II report as a part of their compliance efforts.”
This certification is also an important step for any Infrastructure-as-a-Service (IaaS) provider that supports outsourced, mission-critical, and information technology services. The audit includes a full assessment of:
- Security: Data centers are protected against unauthorized access (both physical and logical).
- Availability: Data centers are available for operation and use as committed or agreed.
- Processing integrity: Processing is complete, accurate, timely and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with privacy principles issued by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
A SOC 2 examination is widely recognized, because it represents that a service organization has been through an evaluation of their control activities as they relate to the applicable Trust Services Principles and Criteria. A Type II report not only includes the service organization’s system description, but also includes detailed testing of the design and operating effectiveness of the service organization’s controls.