We’ve completed a number of audits over the years. Each audit results in a report such as HIPAA, SAS 70, SSAE 16, SOC 1/SOC 3 and PCI. It’s extremely expensive to do these audits well. The obvious costs are the auditors, but you can’t overlook the staff time and technology. We estimate it takes a few hundred hours of staff time for each audit, and we regularly automate many functions.
This obviously doesn’t scale well enough for us. We have multiple data centers and plan to add more throughout the Midwest. To deliver our promise of compliant computing for as many environments as possible, we had to find an industry-leading, unique and highly efficient method for performing these and other audits.
We hired a nationally-known auditing firm to develop a one-of-a-kind super audit. This super audit is a super-set of all of the audits with the redundant items removed. As a result, we now have one very large audit throughout the year that can be used to generate a full suite of reports: HIPAA, PCI, SSAE 16, etc. The result? We spend less time while experiencing less intrusion, resulting in a better audit.
We then looked at the body of audit points to identify a number of automation opportunities and turned them over to our development team. They added various tools to OTPortal such as the Walkthrough Manager and the Firewall Rule Change Manager to simplify and automate many of the functions the audit requires. We gave our auditors access to these systems to make it easier for them to audit without having to visit our data centers and to save staff time.
Our investment in the super audit and automation allows us to deliver audited, compliant hosting much more cost-effectively than many companies are able to achieve themselves.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.