2012.04.10
NTT Comware Obtained the New Compliance Report for their Data Center for Strengthening Cloud Security Environments
- The New Global Standards for Compliance, ISAE3402/SSAE16 (Type 2) -
NTT Comware Corporation (Head office: Minato-ku, Tokyo; President: Michio Sugimoto; below, NTT Comware) has obtained the compliance report (Type 2) (*1) for ISAE3402/SSAE16 (of the United States), which are the global standards for ensuring the compliance and effectiveness of the operations for data centers respectively.
Conventionally, data center users are required to audit their compliance situations including the data centers which they are using, in order for an evaluation of the compliance and its effectiveness related to their financial statements. However, there has been an issue of time and cost consuming to monitor the compliance situations, as they need to check with their data center provider in a long-term perspective.
The new compliance report will be a solution for the issue, as users of NTT Comware's Tokyo Data Center are provided with a report of compliance including the service operations updates. It will be for the users' securities in using the services. Furthermore, as compliance reports of the data center service providers are required under the Public Company Accounting Reform and Investor Protection Act of 2002 (the Sarbanes Oxley Act or SOX Act) and the Financial Instruments and Exchange Act in Japan, the report is expected to significantly reduce workloads of the monitoring activities. ISAE3402 and SSAE16 also comply with the international standards including that are required in the United States, against SAS70. This new report will achieve higher accountability of data centers for the users (*5).
NTT Comware will obtain more compliance reports to meet both standards for other data centers in order to meet with the customers needs in the global market.
- Scope of the Report
Compliance of data center services pertaining to its physical and environmental securities
*1 ISAE3402 (International Standards on Assurance and Engagements 3402. Announced by International Federation of Accountants in December 2009)/SSAE16 (Statement on Standards for Attestation Engagements No.16. Announced by American Institute of Certified Public Accountants in April 2010). This is the successor of SAS70 to evaluate compliance situations of the services stated in financial statements of companies. The reports include Type 1 and 2, the description of the system of the provider given by an independent auditor and the evaluation report of maintenance and operational conditions of a data center service provider company.
*2 Tokyo, Saitama, Osaka, Kyoto, Nagoya and Hokkaido
*3 SAS70 (Statement on Standards for Attestation Engagements No. 70). Announced by American Institute of Certified Public Accountants in April 1992. An audit standard to evaluate compliance situations of outsourcers.
*4 Housing services users, and cloud service providers using a data center.
*5 The compliance report currently obtained by NTT Comware requires an assertion of the service providers in terms of their operational processes and compliance situations, which was not required under SAS70. The service providers are now more required to have a strong sense of responsibilities in their services by obtaining the report.
The information shown in this page is the latest as of the day of the release. It is subject to change without further notice. Thank you for your kind understanding and consideration. PageTop
