
5 Data Center Compliance Trends for Non-Lawyer CEOs


Do you think that by handing over your systems and your data to a data center, you hand over compliance issues too? While data center compliance is often a priority for the service provider, whether internal or external to your organization, as a CEO you retain ultimate responsibility for the IT assets of your organization, including its information. Nonetheless, certain trends in compliance could help you to steer clear of problems.

1. Growing Use of SSAE 16

Once upon a time, under the old SAS 70 model, data centers simply declared that they were fiscally compliant. This was useful for financial audits and Sarbanes-Oxley compliance. However, it gave no operational assurances about system availability, confidentiality, data privacy, processing integrity or security – in short, the so-called Trust Principles that an organization must also respect and uphold.

The recent switch to SSAE 16 (Statement on Standards for Attestation Engagements 16) now covers these operational assurances in its SOC 2 (Service Organization Control 2) version.

2. International Compliance

SSAE 16 is a US compliance standard. There are also international standards for data center compliance, such as ISAE 3402, which is similar to SSAE 16.

ISO 27001 is also internationally used, but the differences compared to SSAE 16 are more marked.

Nonetheless, the two have one major point in common: both are used to test controls related to IT and security.

3. Uptime Institute Tier Certification

Uptime Institute is a consortium formed in 1993, whose goal is to maximize the effectiveness of data centers. It has defined data center “tier standards” as a way to classify availability in a facility. Certification ranges from Tier I (basic infrastructure) to Tier IV (fully fault-tolerant site).

Which one is right for your organization? You might want to consult your CIO and, if you have one, your Chief Compliance Officer – see below.

(Editor’s Note: The Uptime Institute announced a few months back that it was overhauling its tier-based certification program.)

4. Corporate IT Governance

Corporate IT governance has been growing over the last decade or two. As part of this governance, IT must communicate to the business the technical and technological requirements for compliance of data center operations, in a form that senior management can understand.

Conversely, senior management must be aware of the particular requirements of the business to comply with the Trust Principles above and drive IT to satisfy them. Typical business needs are the protection of customer data and the assurance that business critical applications are always running.

5. The Chief Compliance Officer

The “In Focus: 2015 Compliance Trends Survey” from Deloitte shows that 53% of consumer and industrial products companies now have a Chief Compliance Officer, compared with 37% the year before. On the other hand, only 29% think their compliance department’s IT systems can meet the compliance reporting requirements of the business. In other words, CCOs may need to get their own IT systems in order before they can reasonably investigate the compliance of any data center used by their organization.


The Bottom Line

CEOs will need to keep a watchful eye on compliance in the data center. This is true whether the data center is owned by their organization or offered as a service by a third party. Compliance standards, corporate IT governance and perhaps a Chief Compliance Officer are all part of the support to help a CEO ensure appropriate action. At the end of the day, however, the buck stops on the CEO’s desk!

Which type of data center compliance is most important to your organization? Give us your point of view with a note in the Comments section below.

