The Importance of SSAE 18 Certification for Data Recovery
SSAE stands for Statement on Standards for Attestation Engagements. As of June of 2011, SSAE 18 is the active attestation standard for security systems with confidential payment data.
The SSAE 18 document essentially provides an updated version of SAS 70 standards, which publicly traded companies in the United States have used to ensure data security since the 1990s. The purpose of both standards is to prevent security flaws from compromising financial information.
While they are inherently similar, SSAE 18 and SAS 70 standards have a few key differences. SSAE 18 Type I and Type II standards place requirements on "systems" rather than "controls." While this seems like a minor distinction, it allows for a much more comprehensive approach to security. Data recovery companies need to completely rethink their networking and media handling procedures in order to stay compliant.
Unlike SAS 70 standards, SSAE 18 SOC 2 Type II & SOC 3 standards require managerial reporting and oversight. Our team is directly involved in the attestation process, and if our security systems fail to meet set standards, management is directly accountable. This ensure consistent long-term security. Data recovery companies must provide clear evidence of their security systems in order to comply with SSAE 18 SOC 2 Type II & SOC 3 specifications. Because of this, compliance is an involved, time-consuming process.
Secure Data Recovery Services' SSAE 18 Type II certification was completed under SOC 1 standards, and SSAE 18 Type I certification was completed under SOC 2 standards. SOC stands for Service Organization Control, and SOC 1 is designed specifically for data service businesses and organizations. SOC 2 is a restricted report designed primarily for data centers, software-as-a-services (SaaS) businesses and other organizations, and SOC 3 is a general-use report that uses the same principles as SOC 2. All data recovery vendors should offer access to a completed SSAE 18 SOC 2 Type II & SOC 3 report in order to demonstrate compliance.
We use SSAE 18 Type I and Type II certified networks and procedures when performing all of our services including:
- Hard Drive Data Recovery
- RAID Repair and Data Recovery
- Virtual Server Recovery
- Computer Repair
- Computer Forensics, Data Tape Transfer and More
Overall, SSAE 18 greatly improves upon SAS 70, providing much-needed updates that directly reflect data recovery security. Data recovery companies need to follow the newer standards in order to keep sensitive data confidential, and businesses of all sizes need to insist on SSAE 18 Type I and Type II certifications to avoid serious security risks. We proudly post proof of our SSAE 18 certifications to give our clients unprecedented access to key security information.
A New Standard for Data Recovery Security
We take every possible step to protect our clients' confidentiality while providing our services. In addition to SSAE 18 SOC 2 Type II & SOC 3 certifications, we hold credentials that show our compliance with various other standards.
Our security credentials include:
- Family Educational Rights and Privacy Act (FERPA) Compliance
- Payment Card Industry Data Security Standard (PCI-DSS) Compliance
- SAS 70 Compliance and More
Important data needs appropriate protection. At Secure Data Recovery Services, we use the best information security in the industry, and we proudly provide our clients with full access to our attestation reports. As the first provider with SSAE 18 SOC 2 Type II & SOC 3 certifications, we hold our facilities to exceptionally high standards. If you have any questions about our data recovery security systems or if you need to make additional arrangements for high-security data recovery, contact our customer service team today at 1-800-388-1266.