Is there symmetry between an SAP hosting certification and a SAS70 certification?
Are you outsourcing application hosting to the cloud or to a SaaS model? Then the distinction is important. If you are collocating you computer and networking equipment the answer is less important as you are in charge of all operations and process controls.
What are the differences? SAP Hosting symmetry with SAS 70 Type II for application hosting certification for example is very close. When compared with colocation there is a wide chasm of difference. In the case of the SAP hosting certification SAP examines whether the managed service provider (MSP) has the capabilities in place to effectively deliver the SAP hosting and application management service up to its standards. The list of requirements is long and very specific. SAS 70 Type II on the other hand tests whether the MSP performs the required abilities as a controlled process over a period of time. Usually an audit period is six months. With SAS 70 Type II the auditor goes into the change and configuration management files and verifies the MSP has performed, measured, completed, and effectively documented the changes.
For the reader who is not using SAP the SAP standards are applicable to the management of virtually any ERP, CRM, webhosting or packaged software application. When the SAP standards are used an MSP can confidentially claim high availability at the application level, not only at the facility level. This capability almost always commands a higher premium.
Coupled with the SAS 70 Type II certification for "application hosted solutions" a buyer can be very confident of the MSPs capabilities. Please note iStreet has the SAS 70 Type II certification for the complete application hosting service suite, not just colocation. Ask your prospective MSP to tell you the specific areas of their SAS70 and make sure it matches your needs. I recently had lunch with Charles Weaver, CEO of MSP Alliance, who offered that “only 10% of MSPs have any certification at all”.
A last comment for consideration, with SAS 70 Type II Certification at the application level, a customer is guaranteed the highest standard of managed service. This is important for public companies with Sarbanes-Oxley requirements and privately held companies with a smaller number of shareholders. All companies want to maintain proper controls over business operations and SAS 70 Type II certification helps insure control is extended to technology operations as well.
I am going to conclude the blog by simply saying that if your need is colocation, choose a colocation provider who is SAS70 Type II certified for facility and network security. If your need is managed services choose a provider who is SAS 70 Type II certified for application hosting. Compare the audit criteria in the table and make sure you are getting what you need from your provider. There is a DIFFERENCE!
SAP IT Excellence Quality Criteria Area
SAS 70 Type II for Application Hosting
|SAS 70 Type II for Colocation|
|Data Centers||Facility Operations & Maintenance||Facility Operations & Maintenance|
Physical Security Environmental Security Network Security Information Security
Physical Security Environmental Security Network Security
|SAP Services Portfolio - SAP Hosting - SAP Application Management||Solution Design & Development||Not Applicable|
|NW & Connectivity Managed Backup Administration Skills Project Management||Computer Operations Human Resources||Not Applicable|
|IT Service Management Processes||Customer Support Incident Management Change/Configuration Management||Not Applicable|
|Disaster Recovery & Business Continuity||Disaster Recovery & Business Continuity||Not Applicable|
iStreet Solutions is SAS 70 Type II certified at the application level as well as SAP Hosting and Application Management Services. Contact us for any managed service’s needs.