SAS 70 Type II Data Center Compliance

AIS data centers in San Diego, Los Angeles and Phoenix are audited annually by a certified independent CPA firm for SAS 70 Type II compliance

History of the SAS 70 standard

The Statement on Auditing Standards No. 70 (SAS 70) is an audit that was created by the American Institute of Certified Public Accountants (AICPA). The AICPA is the national association of Certified Public Accountants (CPA) who create and roll out industry-wide standards that are practiced in both public and private areas, from businesses to government institutions. More information can be found on the AICPA website (located here) or the WikiPedia page (located here). In 1993, the AICPA set the foundation for the SAS 70 audit guidelines, which were initially titled “Reports on the Processing of Transactions by Service Organizations” and was reaffirmed in 2002 by the Sarbanes-Oxley Act (more information on WikiPedia, located here). This guidance translated to CPA firms the ideal way to assess the internal processes behind an orginization, examining and auditing the effectiveness of the sensitive information controls that run a company. There are (2) types of SAS 70 reports: Type I, and Type II. The Type I is a smaller audit, performed based on a handful of controls and generally without a site visit, while the Type II is much more thurough, and requires an on-site inspection and in-person employee interviews. Audits are renewed on an annual basis to confirm that the verified procedures have been maintained and are just as affective following the previous years audit.

What is a SAS 70 compliant / certified / audited data center?

When a colocation facility requests to be SAS 70 compliant, it hires an independent, registered CPA firm that is experienced in SAS 70 audits and, preferably, performing those audits for data centers. The Type II is the audit standard AIS utilizes for all data centers and is performed annually, usually taking between 4-6 weeks to complete the examination utilizing the CPA's controls (from security to business continuity). After the CPA firm completes its validity and functionality investigation of a colocation company, they deliver a SAS 70 audit report (sometimes over 100 pages) which it may choose to give out to its own customers and vendors. All AIS data center facilities are SAS 70 Type II Certified, or are in the process of receiving such a report. AIS facility list:

• Lightwave Data Center (San Diego, CA) - SAS 70 Type II audited
• San Diego Tech Center (San Diego, CA) – SAS 70 Type II audited
• Fiber Alley Data Centers #1, 2, 3, (San Diego, CA) – Currently under audit
• One Wilshire Data Center (Los Angeles, CA) – SAS 70 Type II audited
• Van Buren Data Center (Phoenix, AZ) – Currently under audit

SAS 70 and PCI compliance for AIS Clients

AIS offers its SAS 70 Type II audit report documentation to its current and prospective clients. Additionally, AIS will assist with client audits (SAS 70, PCI, etc) that require a crediable colocation facility with that meets up to the standards that a CPA will be looking at. For more information, please call (866) 971-COLO.

REQUEST INFORMATION