New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
If you claim you own a DC should you post SOC2, SOC3 audit?
Seriously2015
Member
in General
Some are running around claiming they own a DC - should they have to post a link of their audits such as SOC2 or SOC3 to prove they are legit and truly own the DC and aren't just a 1/4 rack in someone elses dc?
Thanked by 1MikePT
Comments
Depends. Some you can visit
Who posts on LET/LEB and claims to own a DC?
@cociu
Just because you run a DC doesnt mean you paid an accounting firm $100K/YEAR to get some bullshit audit....
yes who is claiming they own a DC?
link to the post please ?
I run a datacenter... at home.
I run a datacenter... my brain. It's not very large or efficient though.
It is NOT a bullshit audit at all. It's a CYA for yourself and your customers to make sure you are in COMPLIANCE with Federal mandates. This prevents you from being sued into oblivion thereby reducing that sweet sweet revenue to $0. Furthermore, you get a baseline security level expectation which alleviates all the PointyHairBoss' stupid questions that you can safely ignore because...COMPLIANCE SEAL!
A lawsuit is 10x costlier than hiring a SOC auditor for a one time evaluation and restructuring of your business. PLUS you get the net benefit of that seal which every company wants to see and thereby increasing your revenue.
I make sure whichever DC my servers go in are SOC2/3 compliant.
You're on LET, not WHT FYI.
If you are going for Corporate/Government type customers then you probably need to have the relevant certificates and been audited against the various standards that apply in your region.
If you are going after the LEB segment meh probably not so much...
At $7 a month I don't think it really matters, as long as they have a reasonable level of redundancy and not some guy with some desktops in his shed!
How does SOC2/3 prove that you have or not have a DC?
I dont think he understands that the audits are bullshit and that ANYONE can get the audit and cert as long as they pay the ~$100k/year for the ACCOUNTING!!!! companies to do the audit.
YES, it's ACCOUNTING FIRMS that do the audits.
They dont prove a quality of the DC; guy's just a lemming with no real technical knowledge.
FYI though so that no one tries to claim anything otherwise in the future by referencing this thread, our datacenters in Los Angeles and New York are SSAE16 Type-2 SOC2; which is nice for the lemmings who think they require it.
@itschrisg thanks for calling me a lemming. I tip my hat to you sir for such incredibly gifted aptitude in insulting me (of course you often act rough on this forum, so why should I be expected to be treated different). I just thought I'd pose the question and see what replies I get, because some DC's state their audits like a badge of honor and on the other hand some skids run around inflating their "DC". So if I offended your god like knowledge on all things audit related I certainly did not mean too, and you may proceed to trash me and call me names - as this is a wonderful forum to accomplish that. of course, you could choose nicer, more appropriate words when educating someone without your godlike stature in the forum, but that might be a bit too humbling for you.
So, as someone else claimed, you are a fake username and have been here longer than April 17th. Making sure I quote your exact wordage for posterity / banning references.
who is a fake? I am new here but lurked a long time before posting. if they ban me based on your insinuations, so be it. Have a wonderful day.
and a splendid day to you as well.
Oh its marvelous Sunny and 72 mountain air - cant be beat. You do realize someone can read the forums for a while before they become a member? But hey, you assume that I was a prior member with no evidence other than perhaps I know some things about some people based on what I read. Go for the ban, I know you got the right attitude for it. You know so much- get me banned. But alas, you don't know cr^p
Why is everyone so angry on LET today???
Shut up, nobody asked you!
Do you sleep with your ISP, too?
The weather. You either have icecream with a nice girl during the afternoon and bang her smooth and nicely at the evening or you get angry. Nothing in between. I am very relaxed, by the way. Draw your conclusion... ;-)
I'm really hoping you're not referring to some type of Oedipus complex.
OH MY GOD!
Welcome to IT. Accounting firms employ very large professional services groups and do all sorts of audits - regulatory, IT, security, etc. They also do tons of audits that have nothing to do with IT. Auditing is a specialized function and they call in various domain experts as needed.
Most accounting firms are really diverse professional services firms with an accounting subgroup inside them.
A big part of this is that the big accounting companies (KPMG, etc.) back the audit with their balance sheet, so that if they say something's been checked and it later turns out not to have been, there is a big company to sue. Some mom and pop company - even if staffed by elite hackers - cannot make the same guarantee.
I agree that a lot of audits are more about checkboxes on an insurance application form than about really studying operations, but if you've ever lived through these audits, you'd know that auditors are ruthlessly march down their form. You might think the form should be longer or have different content, but that's kind of the point - if you do a SAS 70, they check everything that is listed and certify based on the industry standard.
Link please.
Many providers write "our DC", which may imply ownership, but doesn't really mean that.