Datotel specializes in assisting organizations that must demonstrate compliance with government and industry regulations such as SARBOX, HIPAA, and FDIC. With our successful completion of certification, we are able to provide our customers with greater insight into our controls, procedures and systems without their having to validate them independently. Datotel has been SAS70 certified since 2007 and SSAE16 certified since 2012 across all lines of business from Colocation to Cloud Services and Service Desk.
Datotel can provide our third-party auditor’s report to our clients upon request.
SOC 2 Type 2
Datotel has successfully completed a Service Organization Control 2 (SOC 2) Type 2 certification. Completion of the SOC 2 Type 2 certification indicates that processes, procedures and controls adopted by Datotel are formally evaluated and tested by an independent accounting and auditing firm. A SOC 2 examination is widely recognized because it represents that a service organization has been through an evaluation of its control activities as they relate to the applicable Trust Services Principles and Criteria. The certification included the company’s controls related to the Trust Services Principles and Criteria of Security and Availability. Organizations with certification and compliance requirements such as FDA, EMA and HIPAA may request and leverage the Datotel SOC 2 Type 2 report as part of their compliance strategy.
The audit includes a full assessment of:
- Security: Data centers are protected against unauthorized access (both physical and logical).
- Availability: Data centers are available for operation and use as committed or agreed.
SOC 2 vs. SOC 1
Officially, SOC stands for "Service Organization Control", which allows qualified auditors, typically licensed and registered Certified Public Accountants, to issue SOC 1 and/or SOC 2 reports. With the SSAE 16 standard effectively replacing the longstanding SAS 70 auditing standard in 2011, there's been much debate regarding SOC 1 vs. SOC 2. At its core, SOC 1 is a financial audit whereas SOC 2 is an operational audit.
To meet the needs of technology companies, which are classified as service organizations for SOC reporting, the AICPA put together the SOC 2 framework, a reporting option specifically designed for entities such as data centers, IT managed services, software as a service (SaaS) vendors and many other technology and cloud-computing based businesses. Within the SOC 2 framework is a comprehensive set of criteria known as the Trust Services Principles (TSP). Each of the principles has defined criteria (controls) to demonstrate adherence to the principles and produce an unqualified opinion (no significant exceptions found during your audit). A business isn’t required to address all the principles; the reviews can be limited to only the principles that are relevant to the outsourced service being performed.