• Data Center Risk Mitigation

    • e-shelter Data Center security
Dr. Dietmar Otten
Data Center Risk Mitigation – ISAE 3402

As a leading data center provider in Europe, e-shelter has built its reputation and success upon high quality physical infrastructure and high availability technical systems. Organizations put their businesses in our hands and it is our obligation to provide security, power, cooling and connectivity to ensure that customer operations continue without interruption. Trust is the foundation of many types of relationships and for e-shelter customers, prospects, and partners, we continuously build upon this value so organizations can concentrate on their core capabilities.

As a result of driving forward in product quality and customer confidence, e-shelter can now provide another layer of trust in the form of "Assurance Reports on Controls at a Service Organization," which are independently audited by an independent auditor according to the international ISAE 3402 standard. Beginning with the year 2018, e-shelter can provide ISAE 3402 reports for our data center sites in Frankfurt (FRA1)Berlin (BER1)Munich (MUC2)Zurich (ZRH1). Reports are available upon request.

What is ISAE 3402 and how does it apply to data centers?

"ISAE 3402 deals with assurance engagement to report on controls at a service organization likely to be relevant to user entities’ internal control as it relates to financial reporting." (Implementing and Maintaining ISAE 3402, Ernst & Young Accountants LLP 2013).

ISAE 3402 reports have become a standard for reporting on internal controls of a service organization. Customers can use these reports to demonstrate to their own auditors that e-shelter is a well-positioned provider of essential services to host their company’s IT systems (especially physical protection, dependable access management, secure environment and reliable supply services). While the focus is on IT systems used for financial reporting, at e-shelter, the controls apply to all essential IT systems required to operate a data center at our above-named sites.

e-shelter creates another layer of trust by providing independent ISAE 3402 reports on its data center systems

These reports contain among other topics:

  • A description of the internal control framework;
  • Specifications of the control objectives;
  • Description of controls which are set up to achieve the control objectives;
  • The auditor’s opinion about the effectiveness of the controls.

It is our core objective to mitigate risk for the customer and ensure that our product solutions and services meet and exceed the highest standards and expectations and the ISAE 3402 reports demonstrate the effectiveness of the internal controls system defined by e-shelter. In the course of the review, a large number of controls relevant to our customers were checked by an independent auditor, Ernst & Young Accountants, across various e-shelter departments and the controls’ effectiveness was determined. We will prepare ISAE 3402 reports for the above locations as well as for additional facilities and make them available for 2019 and the following years. Interested customers, prospects, and partners can obtain the available reports upon request and for a fee. Please reach out to: compliance@e-shelter.com.


e-shelter's European expansion


One Industrial IoT in the Cloud, please.


Future Mobility in the Munich Innovation Lab