SSAE 16 SOC 2 Type II
Every year, Sidus Group completes the SSAE 16 SOC 2 Type II audits with a nationally recognized accounting firm. We strive not only to meet SSAE 16 standards, but to exceed them. Our hardened physical security and audited process controls give our customers assurance that we take their data security seriously.
Sidus Group operates 24x7x365 with highly trained professionals who monitor our physical security and critical infrastructure. Our in-house security team also operates 24x7x365, providing lobby security and access control, facility-wide digital camera monitoring, and intrusion detection monitoring.
About SSAE Audits
SOC 1 (SSAE) Report
Statements on Standards for Attestation Engagements (SSAE) are attestation standards put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). This report is intended to be relied upon by the financial statement auditors of Sidus Group customers. The SSAE assesses the physical security, environmental safeguards and network monitoring controls implemented by CyrusOne. Assessing these controls through the SSAE demonstrates Sidus Group's commitment to the protection of all IT assets.
ISAE 3402 (SOC 1) is an International Standard for Assurance Engagements, an assurance standard titled “Assurance Reports on Controls at a Service Organization”. It was published in June 2011 as a standard for documenting that a service organization has adequate internal controls; the approach is always from a financial reporting perspective.
SOC 2 (SSAE) Report
Attestation Standard 101 (AT 101) is an attestation standard put forth by the ASB of the AICPA that assesses Sidus Group’s controls against the Trust Services Principles and Criteria. The principles of Security and Availability are included in Sidus Group’s compliance reports.
The SOC 2 (SSAE) reports in Sidus Group’s compliance suite include test results of disaster recovery and business continuity plans. The availability of these services is a critical success factor for enterprise customers.
Sidus Group’s dedication to strict physical access controls and facility security gives our customers peace of mind that we proactively safeguard their consumer information. PCI DSS is a vital industry standard for the protection of sensitive cardholder data.
Sidus Group’s PCI DSS 3.0 compliance assessment encompassed its entire portfolio of data center facilities. Sidus Group makes all auditing and compliance documentation and reports available to customers upon request in support of their own compliance programs.
About PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) was created to meet the rising threat to individuals’ payment card information. Compliance with PCI DSS is mandatory for all organizations dealing with credit, debit and ATM cards, as defined by the PCI Security Standards Council, which includes industry giants like Visa, MasterCard and American Express.
PCI DSS is a comprehensive set of standards requiring merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. The standard has twelve requirements, which include the following:
- Security management
- Policies and procedures
- Network architecture
- User access management
- Network and systems monitoring
- Software development
Sidus Group provides physical security access to customer equipment through a combination of management systems and physical access safeguards and procedures. Sidus Group does not monitor or have access to customer data, so applicability is only to physical security and management processes that govern physical security.