In the datacentre industry, compliance standards are commonly vital for potential colocation customers. However, these customers often do not know what each standard evaluates or how risk management in datacentres impacts their business. Standards are commonly described in incomprehensible language, which often leaves customers confused about the impact on their business.
ISAE 3000 SOC2 and ISAE 3402 SOC1 are the most important international datacentre standards in use today. ISAE stands for International Standard on Assurance Engagements. ISAE 3402 is the standard for (financial) outsourcing, and ISAE 3000 is the standard for non-financial information; when SOC2 is applied in an ISAE 3000 assurance engagement, it covers more specifically the General IT Controls of an organization.
ISAE 3402 SOC1 and ISAE 3000 SOC2 govern the way organizations report on their various compliance controls. These reports usually come in the form of a Service Organization Control (SOC) report, which provides the information needed to accurately evaluate the risks and test risk controls associated with outsourced vendors. ISAE 3000 and ISAE 3402 reports provide attestations of compliance with defined criteria. These defined criteria vary from the processing of financial data to IT governance and control of IT systems specifically.