(WEB HOST INDUSTRY REVIEW) — On-demand data center services provider SoftLayer Technologies (www.softlayer.com) has completed the SAS 70 Type II audit of all its existing data center facilities in Dallas, Seattle, and Washington, DC, marking the second year it has maintain prescribed levels of data security and redundancy, as well as personnel controls.
According to its announcement this week, SoftLayer’s SAS 70 data centers abides by specific procedures for accessing servers and data. All systems access and activity must be logged, and all physical access must be highly controlled. The successful review of these requirements was conducted by an independent auditing agency and included extensive testing performed over a 12-month period.
“A SAS 70 Type II review is an in-depth survey of a service organization’s control objectives and activities,” SoftLayer customer service manager Steve Kinman said in a statement. “With an objective evaluation of our organization’s effectiveness in meeting our control objectives, we can continue to assure our customers the highest levels of security and reliability. It is an important step for any service organization supporting outsourced, mission-critical, and information technology services.”
Developed by the American Institute of Certified Public Accountants, SAS 70 is the part of the Sarbanes-Oxley Act of 2002 that concerns data center operations and internal controls. While the Sarbanes-Oxley act was originally intended for the financial services industry (in response to a number of major corporate and accounting scandals such as those affecting Enron, Tyco International, WorldCom, and others), the SAS 70 element of it has become known as a high standard for evaluating outsourced data center solutions.
SoftLayer’s survey includes a full assessment of executive management oversight, operations and customer service, development and IT organization, human resources policies and procedures, and risk assessment monitoring.
In addition, SoftLayer is in the process of achieving Payment Card Industry (PCI) Level 1 certification, with expected completion by midyear. PCI compliance helps to ensure the security of credit card data transmitted online. Level 1 is the highest level of compliance, necessary for merchants processing large quantities of online credit transactions.
