The importance of certifications and audit reports is growing significantly during the search for colocation partners. Norms, such as ISO27001, ISO 9001 and others, have been known for a while now. But what about ISAE3402? That one confirms to enterprises outsourcing their services that processes and controls relevant for their financial results are in good hands at their datacenter operator. Colocation provider maincubes is one of the leaders when it comes to compliance with intricate standards. The locations in Frankfurt (FRA01) and Amsterdam (AMS01) have both been successfully ISAE 3402 Type 1 certified. What is in it for the customers?Outsourcing is sharply trending upwards. Enterprises are more willing to let others handle their critical processes, especially when it comes to IT. However, they still need to be able to ensure that they comply with security standards, including at external partners. And they need to be able to prove that they can, ie. with audit reports. For example, they need to ensure in their financial statements that their colocation partner complies to internal control systems (ICS).
How does inspecting service providers work? An alternative to time-consuming and expensive examinations on the location are official audits of the entire environment. One of the standards for this is the internationally recognized ISAE (International Standard on Assurance Engagements) 3402 certificate. The audits for ISAE 3402 are part of the ICS for service providers, including auditor reports, and was published in 2009 by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC). ISAE 3402 was originally developed for auditing listed companies but has developed into an established worldwide standard for outsourcing providers. For this reason, maincubes has adopted the complex set of requirements to follow the strict security guidelines we set out for ourselves from the moment of our founding.
In November 2019 maincubes has passed the audit for ISAE 3402 Type 1 with flying colors. BDO, the fifth largest accounting firm in Germany, published a positive report for both FRA01 and AMS01. This shows that the internal control systems are functioning perfectly, and it is proof that the modular management system for monitoring quality objectives is fully compliant, making our customer communication more transparent as a result.
Within one year of gaining the ISAE 3402 Type 1 certification, we are on course towards Type 2. Type 1 is proof of compliance of processes and controls at one single point in time. Type 2 extends the timeframe to at least six months. That is now well underway.
Customer Benefits of ISAE 3402
Customers that have to comply with ISAE 3402 need to work with service providers that are certified as well.
The constant digitalization of businesses and the constant growth of the financial sector has resulted in an increased interest worldwide in these audits as a requirement for colocation providers. The certification enables companies wanting to outsource to put their full trust in the integrity of their relevant financial data. Not only does it show the reliability of the colocation provider, but also that their security is future-proof. For example, maincubes constantly optimizes their quality and security management by continuously reviewing their processes even before they are fully implemented.
We also require that our organization and data centers are compliant with all relevant national and international certifications and norms, so to emphasize our high quality and security demands.
Already in 2018, we received full certification of ISO/IEC 27001-2013 for our headquarters and our datacenters FRA01 and AMS01. These comply with all contractual and legal requirements and guidelines for data protection, as well as for data and information security. This applies to our infrastructure and technology, but also to our services, processes and human resources.
The primary datacenters are also TÜV tested (FRA01 and subject to ISO 9001 certification. We offer certified security, Made in Germany, at all our locations, and we have a portfolio of established certifications and norms that attain the highest levels of quality and security, which includes multi-level biometric access control, camera surveillance, uninterrupted power supply, innovative passive cooling systems and 24-hour security service. The datacenters of maincubes are among the most advanced, secure and powerful in the world.
Antje Tauchmann, Head of Marketing bei maincubes