ViodiTV


SOC It to Me – Building a Culture of Ethics, Accountability & Quality

SOC-2 (Service Organization Control) compliance is a must-have for certain clients of data centers, as pointed out in the above interview with Brian Steuve and Robert Koch of the accounting firm of Olson Thielen. As Steuve indicates, it is about building trust and putting controls in place that put clients’ minds at ease. More than that, SOC-2 is about having a culture of ethics, accountability and quality.

Yesterday’s presentation from Christine Duncan, Staff Director for JSI, at the NTCA 2014 Finance and Accounting Conference reminded me of the above interview and the importance of creating such a culture. Although the focus of her presentation was on the benefits of having internal controls, such as ethics training, independent financial audit committees, Sarbanes-Oxley compliance and cyber-security audits, it is clear that these sorts of internal controls will create the type of culture that will ease the way for SOC-2 compliance.

And, as Duncan pointed out, if customers aren’t an important enough reason to tighten controls, then the FCC’s statement that they are aggressively rooting out fraud should be a wake-up call to boards of directors. USAC is placing a strong emphasis on internal controls [not new news, as seen in this interview with JSI’s Steve Metzler from 2009]. She pointed out that ethics training, which the majority of operators don’t have, is important for reminding good people to recognize the sometimes blurry lines separating right from wrong.

Privacy and security is another area of concern, as Duncan pointed out that the majority of telecom boards never review their privacy and security budget. To heighten the importance of this critical function, perhaps it is time for companies to employ CHOs – Chief Hacker Officers – people who focus just on privacy and security for both internal processes and external customers.

ITS Fiber in Florida is an example of an independent telco with an SSAE 16 SOC 2 Type 2 audited and compliant data center, as seen in this video. As pointed out in the video and associated write-up, SOC-2 was critical to getting one client’s business.

[Note: Steuve and Koch reference NIST standards found here]

MTA video coverage brought to you by the MTA Associate Members and ViodiTV.

4 responses to “SOC It to Me – Building a Culture of Ethics, Accountability & Quality”

  1. […] building a business plan to provide cloud and other relatively new services. His comments echo those of Brian Steuve and Robert Koch of the accounting firm of Olson Thielen regarding the importance of establishing and […]

  2. Anonymous

    That was a really great piece. Something that they did not mention is that there is a Soc 2 type 1 and a Soc 2 type 2. The type one is not nearly as assuring as type 2 because type 1 audits a particular day in time and type 2 audits over a period of time. So Type 2 will confirm that the provider is observing solid practices over time rather than just on the day the audit was performed.

  3. […] SOC It to Me – Building a Culture of Ethics, Accountability & Quality […]

  4. […] would also survive a thousand-year flood. Carter indicates that their data center and processes are SSAE 16, Soc 2 Type 2 compliant. They create a secure location for local customers to store their content. Through virtualization, […]
