Explanation of SSAE 16 (formerly SAS 70)

Reptrax's partner in hosting, Rackspace, has completed an examination in conformity with Statement on Standards for Attestation Engagements No. 16 (SSAE 16).

SSAE 16 Type II Report

Completion of the SSAE 16 Type II examination indicates that selected Rackspace's processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing firm. The examination included the company's controls related to security monitoring, change management, service delivery, support services, backup and environmental controls, logical and physical access.

SSAE 16 is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for a user organization's management to obtain assurance about service organization's internal controls without conducting separate assessments.

A service auditor's examination performed in accordance with SSAE No. 16 (SSAE 16 Audit) is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the design and operating effectiveness of the service organization's controls.