VAZATA Gets “Thumbs Up” on SSAE SOC1 Audit for 2013

Plano, Texas, March 07, 2014 – VAZATA, a full service cloud infrastructure, managed services and colocation provider, is proud to announce the successful completion of the SSAE SOC1, Type 2 audit for 2013. The audit was performed by the accounting firm of CohnReznick, with validation that VAZATA has proper controls in place in order to provide secure, compliant cloud data services. SOC1 audits are conducted in accordance with SSAE 16 and the accompanying SSAE 16 audit guide.

Some 35 individual controls were tested in seven security areas such as Environmental Controls, Acquiring Technology for Infrastructure, Change Management, Logical and Physical Access/Security, and Problem Management. Nearly 300 individual documented instances of evidence were provided by VAZATA to the auditors in support of this analysis.

The audit report shows “no exceptions noted” for all of these criteria.

“Our goal has always been to deliver innovative and reliable solutions in the data center, virtualization/cloud and managed IT services markets, so we take tremendous pride in achieving yet another milestone. It reaffirms that VAZATA is on the right track for providing our customers with the best possible security-centric products and services,” noted Lance Black, Founder and CEO.

SOC 1 reports, which have effectively replaced SAS 70 reports as of June 15, 2011, retain the original purpose of SAS 70 by providing a means of reporting on the system of internal control for purposes of complying with internal control over financial reporting.

SOC 1 reports are reports restricted to use by only:

• Management of the service organization (the company who has the SOC 1 performed)

• User entities of the service organization (service organization’s clients), and

• The user entities’ financial auditors (user auditor). The report can assist the user entities’ financial auditors with laws and regulations such as the Sarbanes-Oxley Act. A SOC 1 enables the user auditor to perform risk assessment procedures, and if a Type II report is performed, to assess the risk of material misstatement of financial statement assertions affected by the service organization’s processing.