SSAE 16 audit reports are the most practical way for you to judge your outsourced vendors’ data center security policies, processes and procedures. Trouble is, they’re really hard for even experienced CIOs to read. Oh, and vendors still control the scope of these audits so you might miss that what you receive are merely the results of interviews covering 25 controls when you should expect test results of 75 controls.
Our Certified Information Systems Security Professional (CISSP) will review your vendors’ SSAE 16 report, compare it to our gold standard criteria, calculate the risk score, roll them into our popular vendor risk scorecards and make actionable recommendations to improve your risk profile.
- Proprietary scoring methodology that analyzes year over year data center trends and 12 different security criteria
- Includes recommendations to reduce vendor data center risk exposure
- Above and beyond. We go beyond merely looking at data center security. We can also show you data center specific customer satisfaction ratings.
- Examiner-approved. Our SSAE 16 review, scoring process and risk scorecards have been approved by every regulatory agency.
Learn More About Our Vendor Due Diligence Document Collection Services
Schedule a time to talk with one of our Vendor Management Consultants
or, if you’re ready, request a custom pricing proposal
So, What Makes Us Different?
DO IT FOR ME
Let us gather and review your vendors’ SSAE 16 and SCO reports, so you can focus your time on making the best business decisions from our recommendations.
WE KNOW WHAT VENDORS WILL CONCEDE
We are in the vendor evaluation business, so we are evaluating all aspects of the major vendors every day. Not only do we review vendor financials and attend vendor earnings calls, but we meet with vendor executives every Friday to get product, company and security updates. We track vendor wins and losses , monitor changes in market share , evaluate their products and know about problems before they’re public.
Many competing vendor management software and services are actually resold by your moderate to high risk vendors .
This means they will only share publicly available information. We on the other hand are Gonzo and share non-public vendor dirt every day, all day. (link to Trouble in the Great White North)