Frequently Asked Questions About SSAE 18 Type II Certification

In order to keep your files safe, you need to work with a data recovery company that uses strict security standards. Secure Data Recovery Services was the first provider to earn SSAE 18 Type II SOC-2 certification, and we frequently receive questions regarding this credential.

Secure Data Recovery Services is the first provider with a full SSAE 18 Type II SOC 1 certification.

Some of our most commonly asked questions appear below. Click on any question to view our response. If you would like to start a case or if you need more information regarding our SSAE 18 Type II certification, call us at 1-800-388-1266.

• Q: What is SSAE 18 Type II certification?
  Since 2010, SSAE 18 is the new set of accounting reporting standards issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). SSAE 18 Type II certification indicates that a company has adequate security controls to handle financial information responsibly. It is a replacement for SAS 70, a widely used set of reporting standards that AICPA discontinued in early 2010. All publicly traded institutions need to work with SSAE 18 Type II certified companies when contracting IT services.
• Q: What are the major differences between SSAE 18 and SAS 70?
  SSAE 18 standards provide a number of important updates to SAS 70. The most significant change is in terminology; while SAS 70 required auditing, SSAE 18 requires attestation, and participating businesses need to thoroughly demonstrate their capabilities in order to qualify. Businesses also need to show an ability to adapt to new security challenges and to monitor data usage. When compared with SAS 70, SSAE 18 is much more strict. The updated guidelines are very similar to ISAE 3402, an international set of reporting standards.
• Q: Why should I look for a data recovery company with a SSAE 18 Type II certification?
  Regardless of whether your company is publicly traded, you should carefully inspect your IT contractors' security credentials. Data recovery providers handle thousands of terabytes of data each year including sensitive payment information, personal pictures, company databases and more. Certification shows that a provider can prevent data leaks from compromising your confidentiality. By working with an SSAE 18 Type II certified company, you can ensure that your provider will take appropriate precautions to protect your data throughout the recovery process.
• Q: My company complies with federal information laws. Does SSAE 18 Type II certification demonstrate compliance?
  Not necessarily. While SSAE 18 Type II is a strict set of attestation standards, it is not equivalent to compliance in some circumstances. However, Secure Data Recovery Services holds a number of other credentials. We can work closely with your business to ensure compliance. Contact our customer service team for details.
• Q: Can Secure Data Recovery Services return my data in an encrypted format?
  Yes. As the industry's most reliable provider, we offer an expansive set of secure options when returning recovered data. Our teams can transfer small amounts of data via secure FTP, and we can use the encryption method of your choice when returning data on physical media.