INAP IS NOW HORIZONIQ.
Click here to LEARN more.

Jul 16, 2013

Do you speak data center?

INAP

Do you speak data center

Language is important for communicating with others and navigating your way in life – whether it is around a city, medical situation, or data center. To express your requirements or evaluate services, it helps to share a common understanding of terminology. Here is a sample of key terms that speak to your data center needs and highlight Internap’s approach within our data centers.

Uptime – Measure of availability. Internap offers a 100% uptime Service Level Agreement (SLA) guarantee for IT infrastructure and IP.

Uninterruptible Power Supply (UPS) – Backup power supply that, in case of power failure or fluctuations, allows enough time for an orderly shutdown. Internap offers properly sized units that maintain operations until generator power kicks-in in the event of power loss, supporting our 100% uptime SLA.

Computer Room Air Conditioning Units (CRAC Unit) – Monitors and maintains the temperature, air distribution and humidity in the data center. State-of–the-art units control the ambient temperature in the room based on ASHRE industry standards.

Closed Circuit Television (CCTV) – Surveillance cameras to view and record activity. Rigorous security is maintained in data centers 24/7 through strategically placed cameras, HID card access, biometric scanners, and on-site security personnel.

Cabinet/Racks– Physical unit to house customer devices in a data center. Locking cabinets and racks with scalable power can safely host valuable equipment.

Cages– Mesh enclosed areas that are occupied by a single customer. Internap provides an optimum, cost-effective area that is calculated based on your specific requirements.

Scalable Power Density – Power in kW per unit area. Scalable power density up to 18kW per cab is available, allowing for cost-effective, flexible solutions.

SOC2 – An independent, professional audit of security, availability, process integrity, privacy and confidentiality. Data centers with SOC 2 certification offer stringent control systems that safeguard customer data and resources.

To discuss your specific data center requirements and learn how to customize the best colocation, managed hosting, or cloud solution for your company, contact Internap today.

Explore HorizonIQ
Bare Metal

LEARN MORE

About Author

INAP

Read More
May 7, 2013

SSAE, SOC 2 & SOC 3 reporting standards

Paul Painter, Director, Solutions Engineering

The last time I wrote about SOC 2 reporting, it was still very new. I was still learning about these standards, and as a result, may notchart showing ssae, soc 1, soc 2, have been as exact as you might have wanted. I also may have been a little hard on SSAE reports. And despite my description, there is no SSAE SOC 2 report; SSAE and SOC 2 are different types of audits.

So now, I thought it might be worth a refresh of some key SSAE, SOC 2, and SOC 3 points, thoughts, and opinions.

 

What is the difference between SOC1 vs SOC2 vs SOC3?

  • SSAE 16 or SOC 1 is basically a replacement for what was known as SAS70. With this report, an auditor will evaluate controls as defined by the service provider and offer an opinion. Depending on how rigorously the service provider tests, the report may be extremely valuable or not that helpful to the service provider’s customers.

 

  • SOC 2 and SOC 3 are based around the American Institute of Certified Public Accountants’ Trust Service Principles (TSP) of security, availability, processing integrity, confidentiality, and privacy. Service providers being audited under SOC 2 and 3 are evaluated against both their own controls and some predefined TSP controls. Because of these standards, these reports are, in my opinion, and the opinion of others, more likely to be useful. Note however, that a service provider is not required to test on all 5 TSPs, so there may be differences even among SOC 2 or 3 reports from different providers.

 

  • A SOC 2 report contains the auditor’s report and details around the tests performed, the results and an opinion on the controls. A SOC 3 report only contains the auditor’s report on whether the controls meet the service criteria established under TSP. Which one is better depends on what level of detail a customer needs.

 

  • The testing for each type of audit can be at a certain time (Type I), or over a specified period (Type II).

 

  • No one gets certified with one of these audits. A service provider simply “successfully completes” the audit. To find out how successfully, you need to read the service providers’ reports.

Soc 2 Report Summary

Hopefully, the information above is useful and will help you make informed choices. If you want some additional opinion, I am partial to SOC 2 Type 2 reports. It’s what we do here at Internap. These reports provide info about operational controls and provide auditor insight into how well those controls work. This seems to be what most of our customer’s auditors want.

But beyond that, these reports are great tools for us to benchmark our own performance. For HorizonIQ, it’s not just a marketing gimmick; it’s serious business. And that’s probably as important as any other reason when you trust your business with us.

Explore HorizonIQ
Bare Metal

LEARN MORE

About Author

Paul Painter

Director, Solutions Engineering

Read More
Apr 3, 2012

What is SOC 2?

INAP

What is SOC 2?A customer recently tweeted asking us, “What is SOC 2 and what makes it better?”

SOC 2 in 140 characters:

SOC 2 assures clients we use systems to protect their data. It audits security, availability, process integrity, privacy and confidentiality.

[Tweet “SOC 2 assures clients we use systems to protect their data. It audits security, availability, process integrity, privacy and confidentiality.”]

The longer version:

SAS70 was designed to audit controls whereas SSAE was designed to attest to the validity of systems fitness for a particular purpose. The differences are more obvious at the associated SSAE SOC level. SOC 1 is primarily designed to review financial reporting systems. SSAE SOC 2 covers operational control systems following a predefined Trust Services Principles and Criteria around security, availability, process integrity, privacy and confidentiality. SOC 3 documents relate to whether service organizations systems met the SOC 2 criteria but do not describe the tests or results achieved.

Our SSAE SOC 2 reporting assures our customers that we have adequate control systems in place to safeguard their data and information.

For more information on the transition, plus how this reporting strengthens our managed services, visit our auditing standards page.

Explore HorizonIQ
Bare Metal

LEARN MORE

About Author

INAP

Read More