SOC-2 (Service Organization Control) compliance is a must-have for certain clients of data centers, as pointed out in the above interview with Brian Steuve and Robert Koch of the accounting firm of Olson Thielen. As Steuve indicates, it is about building trust and putting controls in place that put clients’ minds at ease. More than that, SOC-2 is about having a culture of ethics, accountability and quality.
Yesterday’s presentation from Christine Duncan, Staff Director for JSI, at the NTCA 2014 Finance and Accounting Conference reminded me of the above interview and the importance of creating such a culture. Although the focus of her presentation was on the benefits of having internal controls, such as ethics training, independent financial audit committees, Sarbanes-Oxley compliance and cyber-security audits, it is clear that these sorts of internal controls will create the type of culture that will ease the way for SOC-2 compliance.
And, as Duncan pointed out, if customers aren’t an important enough reason to tighten controls, then the FCC’s statement that they are aggressively rooting out fraud should be a wake-up call to boards of directors. USAC is placing a strong emphasis on internal controls [not new news, as seen in this interview with JSI’s Steve Metzler from 2009]. She pointed out that ethics training, which the majority of operators don’t have, is important for reminding good people to recognize the sometimes blurry lines separating right from wrong.
Privacy and security are another area of concern: Duncan pointed out that the majority of telecom boards never review their privacy and security budget. To heighten the importance of this critical function, perhaps it is time for companies to employ CHOs – Chief Hacker Officers – people who focus just on privacy and security for both internal processes and external customers.
ITS Fiber in Florida is an example of an independent telco with an SSAE 16 SOC 2 Type 2 audited and compliant data center, as seen in this video. As pointed out in the video and associated write-up, SOC-2 was critical to getting one client’s business.
[Note: Steuve and Koch reference NIST standards found here]
MTA video coverage brought to you by the MTA Associate Members and ViodiTV.