SSAE 18 SOC 2 Type 2 Certification for Giva's Asia Pacific Data Centres

SSAE 18, also called Statement on Standards for Attestation Engagements 18, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for defining how data centres report on compliance controls.

SOC 2 Framework

All processes are validated against a rigorous set of controls by an independent team of CPA auditors. The annual SSAE 18 SOC 2 Type 2 compliance report is issued and shared with all Giva customers upon request. The SOC 2 framework is a comprehensive set of criteria known as the Trust Services Principles that are composed of the following five sections:
  • Security of a service organisation's system.
  • Availability of a service organisation's system.
  • Processing integrity of a service organisation's system.
  • Confidentiality of the information that the service organisation's system processes or maintains for user entities.
  • Privacy of personal information that the service organisation collects, uses, retains, discloses, and disposes of for user entities.
It is important to be aware of the differences between a Type 1 and Type 2 SSAE 18 report.
The Type 1 SSAE certification performed for many data centres uses the following criteria:
  1. The description of the service organisation's system was designed and implemented as of only a single specified report date which is typically 12/31/xx.
  2. The control objectives stated in the description were suitably designed to achieve compliance as of only a single specified report date which is typically 12/31/xx.
In other words, a Type 1 report is just a snapshot in time at a particular date which is typically 12/31/xx.
In sharp contrast, the Type 2 SSAE certification performed for Giva's data centres uses the following criteria which are more rigorous, difficult to pass and a higher overall standard:
  1. The description of the service organisation's system was designed and implemented over the period of examination which is typically a one year period such as 1/1/xx – 12/31/xx.
  2. The control objectives stated in the description were suitably designed to achieve compliance over the period of examination which is typically a one year period such as 1/1/xx – 12/31/xx.

Learn More About Giva's Asia Pacific Data Centres

Regional Data Centres Data Encryption
Data Encryption
Regional Data Centres Onsite & Offsite Encrypted Backups
Onsite & Offsite Encrypted Backups
Regional Data Centres Physical, Logical & Network Access Controls
Physical, Logical & Network Access Controls
Regional Data Centres Vulnerability Management & Logging
Vulnerability Management & Logging
Regional Data Centres Defined & Tested Security Policies & Procedures
Defined & Tested Security Policies & Procedures
Regional Data Centres SSAE 18 SOC II Type 2 Certification
SSAE 18 SOC II Type 2 Certification

Client Success

MetroHealth System Logo
  • 50% reduction in time to deploy Giva's change, incident, problem, asset management and knowledgebase modules
  • 60% reduction in the 5 year Total Cost of Ownership (TCO)
  • Saved at least 1 FTE due to lower ongoing administration
  • Saved 1 week per month due to easy to use reports
Athens Regional Health System Logo
  • Increased to 90% achievement in meeting service level agreements
  • 70% reduction in generating reports and admin; eliminated 35 hours/month
  • 50% faster to create/assign a service request
  • 60% increase in information captured during the initial phone call
  • 50% increase in the number of service requests created due to intuitive design
Santé Health Systems Logo
  • 80% increase in productivity by using Giva's dashboards and reports
  • 60% increase in meeting service level agreements
  • 50% increase in productivity by using Giva's integrated custom forms
  • 45% increase in the number of the calls logged due to Giva's intuitiveness and ease of use