5 Data Center Compliance Trends for Non-Lawyer CEOs (SlideShare)

Do you think that by handing over your systems and your data to a data center, you hand over compliance issues too?

Sponsored by http://www.DataCenterLeadGen.com

While data center compliance is often a priority for the service provider, whether internal or external to your organization, as a CEO you retain ultimate responsibility for the IT assets of your organization, including its information.

Certain trends in compliance could help you to steer clear of problems.

1. Growing Use of SSAE 16

Once upon a time, under the old SAS 70 model, data centers simply declared that they were fiscally compliant. This was useful for financial audits and Sarbanes-Oxley compliance.

However, it gave no operational assurances about system:

• Availability
• Confidentiality
• Processing integrity or security

In short, the so-called Trust Principles that an organization must also respect and uphold.

The recent switch to SSAE 16 (Statement on Standards for Attestation Engagements 16) now includes this in its SOC 2 (Service Organization Control 2) version.

2. International Compliance

SSAE 16 is a US compliance standard. There are also international standards for data center compliance, such as ISAE 3402, which is similar to SSAE 16.

ISO 27001 is also internationally used, but the differences compared to SSAE 16 are more marked. Nonetheless, they have a big point in common in their use in testing controls related to IT and security.

3. Uptime Institute Tier Certification

Uptime Institute is a consortium formed in 1993, whose goal is to maximize the effectiveness of data centers. It has defined data center “tier standards” as a way to classify availability in a facility. The range of certification is from Tier I (basic infrastructure) to Tier IV (full fault-tolerant site).

Which one is right for your organization? You might want to consult your CIO and, if you have one, your Chief Compliance Officer – see below.

(Editor’s Note: The Uptime Institute announced a few months back that it was overhauling its tier-based certification program.)

4. Corporate IT Governance

Corporate IT governance has been growing over the last decade or two. As part of this governance, IT must communicate to the business the technical and technological requirements for compliance of data center operations, in a form that senior management can understand.

Conversely, senior management must be aware of the particular requirements of the business to comply with the Trust Principles above and drive IT to satisfy them. Typical business needs are the protection of customer data and the assurance that business critical applications are always running.

5. The Chief Compliance Officer

The “In Focus: 2015 Compliance Trends Survey” from Deloitte shows that:

• 53% of consumer and industrial products companies now have a Chief Compliance Officer, compared with 37% the year before.
• On the other hand, only 29% think their compliance department’s IT systems can meet the compliance reporting requirements of the business.

In other words, CCOs may need to get their own IT systems in order, before they can reasonably investigate the compliance of any data center used by their organization.

The Bottom Line

CEOs will need to keep a watchful eye on compliance in the data center. This is true whether the data center is owned by their organization or offered as a service by a third party.

Compliance standards, corporate IT governance and a Chief Compliance Officer are all part of the support to help a CEO ensure appropriate action. At the end of the day, however, the buck stops on the CEO’s desk!

Which type of data center compliance is most important to your organization?

Give us your point of view with a note in the Comments section below.

Copyright © SP Home Run Inc. SP Home Run is a Registered Trademark of SP Home Run Inc. All Worldwide Rights Reserved.

Recommended Reading

Learn How Colocation Data Centers Can Create a Scalable, Data-Driven, Marketing and Sales Funnel That Powers Growth

Download Your Free Copy Now at http://www.DataCenterLeadGen.com