Many outsourcing providers offer services for AX management but operate without a set standard for auditing and controls. To be sure application management and hosting assets are handled appropriately, a provider must follow a set standard of controls that protect each customer's investment. For more information about AX Management, visit http://www.oneneck.com/Solutions.aspx today.

1. AX Management:
Should an Outsourcer Complete a SSAE 16 Type II Audit?
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.

2. AX Management
Many outsourcing providers offer services for AX management, but operate without a set
standard for auditing and controls.
To be sure application management and hosting assets are handled appropriately, a provider
must follow a set standard of controls that protect each customer’s investment.
What is a SSAE 16 Type II Audit?
•Replacing SAS 70, SSAE 16 is an internationally recognized auditing standard
developed by the American Institute of Certified Public Accountants (AICPA).
•SSAE 16 performs what the SAS 70 was originally designed to do: communicate the
organization’s and auditor’s attestation on assertions made by the organization
through a structured report.
•The SOC 1/SSAE 16 incorporates many improvements upon the original guidebook,
including management attestation.
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.

3. AX Management
Many outsourcing providers offer services for AX management, but operate without a set
standard for auditing and controls.
To be sure application management and hosting assets are handled appropriately, a provider
must follow a set standard of controls that protect each customer’s investment.
What is a SSAE 16 Type II Audit?
•Similar to the SAS 70, the SOC 1/SSAE 16 report may be issued in two formats:
Type I and Type II.
•Type I reports are a point-in-time assessment of controls in place to ensure the
stated control objectives are adequate.
•Type II reports build upon Type I reports by requiring the collection of detailed
evidence throughout a period of time.
•This evidence demonstrates the control objectives defined are not only implemented,
but being practiced throughout the audit period.
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.

4. AX Management
A SSAE 16 Type II Audit Provides Necessary Insight for AX Management
To ensure the most stringent verification of controls of an outsourcing provider’s AX
management, a SSAE 16 Type II audit would be preferred.
The SOC1/SSAE 16 report now provides further insight into the people, processes and
technologies implemented to effectively achieve the control objectives outlined by
management.
The control objectives include items related to:
•Administrative Duties to ensure the outsourcing provider maintains a trustworthy
workforce for AX management.
•Physical Security to ensure the outsourcing provider’s facilities are protected by
strong policies and practices for the highest performing AX management.
•Change Management to ensure effective policies for managing changes to
infrastructure are followed.
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.

5. AX Management
A SSAE 16 Type II Audit Provides Necessary Insight for AX Management
To ensure the most stringent verification of controls of an outsourcing provider’s AX
management, a SSAE 16 Type II audit would be preferred.
The SOC1/SSAE 16 report now provides further insight into the people, processes and
technologies implemented to effectively achieve the control objectives outlined by
management.
The control objectives include items related to:
•Availability Management to ensure the AX management infrastructure is properly
maintained and the data center environment is protected and conditioned in line
with industry best practices.
•Incident and Event Management to ensure tools are in place and personnel are
properly trained to address potential business impacting events.
•Request Management to ensure service requests flow through a proper life cycle.
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.

6. AX Management
A SSAE 16 Type II Audit Provides Needed Confirmations
When an AX management outsourcer has completed a SSAE 16 Type II audit,
customers can be assured certain claims have been verified.
In other words, the company is doing what it says it does when it comes to
operational metrics.
For example, a SSAE 16 audit confirms the data center:
• Maintains Sufficient Data and Power Redundancy
• Maintains Appropriate Physical Security Controls
• Monitors for Excessive Temperature Fluctuations
• Reviews Alerts on a Timely Basis
• Has Proper Fire/Water Detection and Protection
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.

7. AX Management
When a company trusts a third party for a critical service such as AX
management, using only the highest quality providers is an option.
Selecting an outsourcing provider without proper controls can put a
business at significant risk.
Therefore, companies must ensure their outsourcing partners leverage
the most advanced technology and skilled personnel to help safeguard
their IT assets.
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.

8. ABOUT THE AUTHOR
Chuck Vermillion is CEO and founder of OneNeck IT
Services, a leading provider of hosted application
management and managed services since 1997.
For more information about AX Management, visit
http://www.oneneck.com/Solutions.aspx today.
http://www.oneneck.com
Copyright © 2013 OneNeck IT Services Corporation. All rights reserved.