Dec 14, 2014

Which certification do you look for in a data center: ISO 27001 or SSAE 16?

Are both standards comparable, or does one have more stringent standards than the other?
Best answer
12/15/2014
They really cover two different areas. SSAE15 is used by auditors to test security controls.
ISO 27001 is more a traditional series of standards of operations and best practices. I think both play an important part in any data center setup.
12/17/2014
ISO/IEC 27001:2013
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013

"ISO 27001:2013 is an information security standard that was published on the 25th September 2013.[1] It cancels and replaces ISO/IEC 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.[2] It is a specification for an information security management system (ISMS). Organisations which meet the standard may be accredited by an independent accreditor."


What is SSAE 16 ? | Important Points You Need to Know
http://www.ssae16.org/white-papers/what-is-ssae-16.html

"That seems to be the chatter of late for many CPA firms, service organizations, and other interested parties. Statement on Standards for Attestation Engagements no. 16 (SSAE 16) is the new "attest" standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). For reporting periods ending on or after June 15, 2011, SSAE 16 will become the new standard for reporting on controls at service organizations, essentially replacing Statement on Auditing Standards no. 70, simply known as SAS 70."