80 likes | 186 Views
Many outsourcing providers offer services for AX management but operate without a set standard for auditing and controls. To be sure application management and hosting assets are handled appropriately, a provider must follow a set standard of controls that protect each customer's investment. For more information about AX Management, visit http://www.oneneck.com/Solutions.aspx today.
E N D
AX Management: Should an Outsourcer Complete a SSAE 16 Type II Audit?
AX Management Many outsourcing providers offer services for AX management, but operate without a set standard for auditing and controls. To be sure application management and hosting assets are handled appropriately, a provider must follow a set standard of controls that protect each customer’s investment. • What is a SSAE 16 Type II Audit? • Replacing SAS 70, SSAE 16 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). • SSAE 16 performs what the SAS 70 was originally designed to do: communicate the organization’s and auditor’s attestation on assertions made by the organization through a structured report. • The SOC 1/SSAE 16 incorporates many improvements upon the original guidebook, including management attestation.
AX Management Many outsourcing providers offer services for AX management, but operate without a set standard for auditing and controls. To be sure application management and hosting assets are handled appropriately, a provider must follow a set standard of controls that protect each customer’s investment. • What is a SSAE 16 Type II Audit? • Similar to the SAS 70, the SOC 1/SSAE 16 report may be issued in two formats: • Type I and Type II. • Type I reports are a point-in-time assessment of controls in place to ensure the stated control objectives are adequate. • Type II reports build upon Type I reports by requiring the collection of detailed evidence throughout a period of time. • This evidence demonstrates the control objectives defined are not only implemented, but being practiced throughout the audit period.
AX Management • A SSAE 16 Type II Audit Provides Necessary Insight for AX Management • To ensure the most stringent verification of controls of an outsourcing provider’s AX management, a SSAE 16 Type II audit would be preferred. • The SOC1/SSAE 16 report now provides further insight into the people, processes and technologies implemented to effectively achieve the control objectives outlined by management. • The control objectives include items related to: • Administrative Duties to ensure the outsourcing provider maintains a trustworthy workforce for AX management. • Physical Security to ensure the outsourcing provider’s facilities are protected by strong policies and practices for the highest performing AX management. • Change Management to ensure effective policies for managing changes to infrastructure are followed.
AX Management • A SSAE 16 Type II Audit Provides Necessary Insight for AX Management • To ensure the most stringent verification of controls of an outsourcing provider’s AX management, a SSAE 16 Type II audit would be preferred. • The SOC1/SSAE 16 report now provides further insight into the people, processes and technologies implemented to effectively achieve the control objectives outlined by management. • The control objectives include items related to: • Availability Management to ensure the AX management infrastructure is properly maintained and the data center environment is protected and conditioned in line with industry best practices. • Incident and Event Management to ensure tools are in place and personnel are properly trained to address potential business impacting events. • Request Management to ensure service requests flow through a proper life cycle.
AX Management • A SSAE 16 Type II Audit Provides Needed Confirmations • When an AX management outsourcer has completed a SSAE 16 Type II audit, customers can be assured certain claims have been verified. • In other words, the company is doing what it says it does when it comes to operational metrics. • For example, a SSAE 16 audit confirms the data center: • Maintains Sufficient Data and Power Redundancy • Maintains Appropriate Physical Security Controls • Monitors for Excessive Temperature Fluctuations • Reviews Alerts on a Timely Basis • Has Proper Fire/Water Detection and Protection
AX Management When a company trusts a third party for a critical service such as AX management, using only the highest quality providers is an option. Selecting an outsourcing provider without proper controls can put a business at significant risk. Therefore, companies must ensure their outsourcing partners leverage the most advanced technology and skilled personnel to help safeguard their IT assets.
ABOUT THE AUTHOR Chuck Vermillion is CEO and founder of OneNeck IT Services, a leading provider of hosted application management and managed services since 1997. For more information about AX Management, visit http://www.oneneck.com/Solutions.aspx today.