Return to Events

IIJ to Revamp Cloud Service Operations in Preparation for Receipt of SSAE16 Type 2 Report

dl button PDF [33 KB] 21 July 2011

TOKYO-July 21, 2011-Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced that it revamped its operating structure of system operations and maintenance processes related to the IIJ GIO Component Service in preparation for receiving the Type 2 Report as detailed in the Statement on Standards for Attestation Engagements No. 16 (SSAE16).

SSAE16 is an attestation standard issued by the American Institute of Certified Public Accountants for evaluating the effectiveness of internal controls at companies engaging in outsourcing services, i.e. service organizations. The Type 2 Report is an attestation issued by an independent auditor stating whether the internal controls related to the described services were suitably designed to achieve the control objectives, and whether they were effectively in operation during the evaluation period.

The trend in recent years has been for more and more companies, particularly financial institutions, to strengthen internal controls. In the IT industry as well on this trend, an increasing number of companies received Type 2 Reports under SAS70 (*), the predecessor of SSAE16, on the effectiveness of internal controls primarily related to data center services. Since the Great East Japan Earthquake, there has been a rush to move operations from corporate services to cloud-based services as part of business continuity and disaster recovery plans. As a result, we believe that it is important not only to evaluate the data center facilities but also virtualization and other elements of the cloud environment itself.

As an industry leader by being the first to receive an SSAE16 Type 2 report on its cloud services, IIJ increases service quality and reliability to provide a secure platform, assuring those clients who may have some doubts or reservations about using cloud services. In addition, clients using the IIJ GIO Component Service can use the SSAE16 Type 2 Report on the cloud services outsourced to IIJ, and thus reduce their auditing work when evaluating their internal controls or receiving an audit by an external auditor.

IIJ is preparing for audits on other IIJ GIO Services as well, such as the IIJ GIO Hosting Package Service, IIJ GIO Storage Service, and IIJ Raptor Service (FX system).

IIJ will continue to do everything possible to improve security on its cloud services.

(*) SAS70 "Reports on the Processing of Transactions by Service Organizations" (AICPA/1992) is the standards for evaluating the effectiveness of internal controls of a service organization related to financial reporting of user organizations, which was developed by the American Institute of Certified Public Accountants. In April 2010, the institute replaced SAS70 with new standards, SSAE16 "Reporting on Controls at Service Organizations."