Service Organization Controls (SOC) Reports

Latisys has successfully completed SOC 2 Type II and SOC 3 reports for its Ashburn, Chicago, Denver and Irvine data centers.

What is SOC 2 Type II and SOC 3?

Service Organization Controls (SOC) Reports help customers build trust and confidence in Latisys’ control procedures via stringent verification and validation of Latisys’ control activities and processes conducted by an independent Certified Public Accountant. The American Institute of Certified Public Accountants (“AICPA”) recently created the Service Organization Control Report framework, and replaced SAS 70 with SSAE 16. Under the new framework, service organizations who handle customer financial data would now receive a SSAE16/SOC 1 report. IT Infrastructure-as-a-Service (IaaS) solution providers like Latisys are being audited under a new standard based on AT section 101 of AICPA professional standards and are issuing SOC 2 and SOC 3 reports. These new reports provide greater definition around controls that could impact your environment at Latisys.

A SOC 2 Report focuses on controls, called Trust Services Principles, related to security, availability, confidentiality, processing integrity and privacy—validating that the system is protected against unauthorized physical and logical access, for example.   As with SAS 70 reports, an organization can receive either a Type I or a Type II report.  Type I merely reports on the suitability of the controls, while Type II tests the effectiveness of the controls. Our SOC 2 Report focuses on the Security and Availability principles.  The SOC 2 Report is available to customers and prospective customers upon request and execution of Non-Disclosure Agreement (NDA). Please contact your account manager if you would like to have a copy of the report.

SOC 3 is a summary Trust Services Report that documents assurances on Latisys’ controls related to the Security principle but without the detailed description of tests and results contained in SOC 2. 

Download the SOC 3 Report here

Why is SOC 2 Type II and SOC 3 Important to You?

In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. While SAS 70 utilized criteria that were defined by the data center provider, SOC 2 Type II and SOC 3 reports put stricter audit requirements in place and set a higher bar with a more meaningful audit standard that truly distinguishes Latisys from lesser IaaS solution providers. Because SOC 2 and SOC 3 independently verify the validity and functionality of Latisys’ control activities and processes, Latisys customers can be assured that the highest level of internal controls and security are established and maintained. This not only ensures that Latisys data centers in Englewood, CO; Oak Brook, IL; Irvine, CA; and Ashburn, VA have been through an in-depth audit to ensure adequate controls and safeguards are in place, but adds a further assessment layer by requiring an organization’s management to attest in writing to the fair presentation and design of controls.

Armed with SOC 2 Type II and SOC 3 reports, Latisys’ customers not only save time and money, they gain valuable peace of mind that their mission-critical IT systems are in good hands—today and tomorrow.