Dec 16, 2014

Weidenhammer Successfully Completes SSAE 16 Audit for Data Center Services


Weidenhammer, a leading provider of IT services, announced it has successfully completed the Service Organization Control 1 (SOC 1), Statement on Standards for Attestation Engagements (SSAE) 16 Type II audit from an independent CPA firm. “This audit provides independent, third-party verification that our operations meet or exceed best practice standards in key IT service areas, ensuring the highest levels of security and reliability,” states Rick Phillips, Vice President-Compute Solutions. “By successfully completing this audit, our customers and prospects are assured that we have been comprehensively examined by a third party to have sufficient safeguards and controls in place.”

What is SSAE 16?

The Statement on Standards for Attestation Engagements (SSAE) 16 is an attestation standard established by the AICPA to report on the controls and services provided to customers. Unlike the SAS 70 audit standard, compliance with the SSAE 16 attestation standard requires the data center’s management to provide a written assertion about the fair presentation of the system’s design, controls, and operational effectiveness. This assertion, along with an independent auditor’s evaluation of controls like Weidenhammer’s organization, security, and management systems, is considered when determining SSAE 16 compliance.

What is SOC 1?

Weidenhammer’s SOC 1-SSAE 16 Type II audit is performed annually and covers seven specific areas, including: Controlled Environment, Physical Security, Environmental Security, Computer Operations-Backup and Storage, Computer Operations-Uptime and Maintenance, Information Security, and Data Communications.

HIPAA Compliance

As an operator of SSAE 16 compliant data centers, Weidenhammer understands the rigors required to achieve and maintain strict compliance standards for the protection of data. Weidenhammer is HIPAA compliant under its SSAE 16 controls for the storage and processing of data using its managed services and data center infrastructure. If you are required to be HIPAA compliant, you will want a data center partner that understands your requirements.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to ensure health insurance portability when workers change or lose their jobs and to protect the security and privacy of sensitive health information. HIPAA contains two rules, the Privacy Rule and the Security Rule. These rules establish national standards for how companies are required to protect the confidentiality, availability, and integrity of sensitive health information. The HIPAA Privacy Rule was updated in 2009 by the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH sets clear guidelines for proper interaction with health information, expands the liabilities of companies that are subject to oversight, increases fines for non-compliance, and enables more stringent enforcement.

For more information, contact Rick Phillips, Vice President – Compute Solutions at 610-378-8634, or email