12-12-11 | Blog Post
We’ve completed a number of audits over the years. Each audit results in a report such as HIPAA, SAS 70, SSAE 16, SOC 1/SOC 3 and PCI. It’s extremely expensive to do these audits well. The obvious costs are the auditors, but you can’t overlook the staff time and technology. We estimate it takes a few hundred hours of staff time for each audit, and we regularly automate many functions.
This obviously doesn’t scale well enough for us. We have multiple data centers and plan to add more throughout the Midwest. To deliver our promise of compliant computing for as many environments as possible, we had to find an industry-leading, unique and highly efficient method for performing these and other audits.
We hired a nationally known auditing firm to develop a one-of-a-kind super audit. This super audit is a superset of all of the audits with the redundant items removed. As a result, we now have one very large audit throughout the year that can be used to generate a full suite of reports: HIPAA, PCI, SSAE 16, etc. The result? We spend less time while experiencing less intrusion, resulting in a better audit.
We then looked at the body of audit points to identify a number of automation opportunities and turned them over to our development team. They added various tools to OTPortal such as the Walkthrough Manager and the Firewall Rule Change Manager to simplify and automate many of the functions the audit requires. We gave our auditors access to these systems to make it easier for them to audit without having to visit our data centers and to save staff time.
Our investment in the super audit and automation allows us to deliver audited, compliant hosting much more cost-effectively than many companies are able to achieve themselves.