SOC 1 / SSAE 16
Cost-Effective, Stress-Free Assessment
WHAT IS A SOC 1 / SSAE 16 REPORT, AND WHY DO I NEED ONE?
A System and Organization Controls or SOC 1 / SSAE 16 report is a formal audit of a service provider’s controls that affects their client’s internal control over financial reporting. SOC 1 / SSAE 16 reports, formerly known as SAS 70, are specifically intended to meet the requirements of the entities that use service organizations and those entities’ financial statement auditors.
By obtaining a SOC 1 / SSAE 16 attestation report that is performed by a third-party CPA firm, not only are you providing an increased level of confidence to your clients but also adding significant value to your service organization. A successful SOC 1 / SSAE 16 audit will differentiate your organization from your competitors by demonstrating the establishment of an effective control environment and a commitment to the security of your client’s data and confidential information.
As of May 1, 2017, the SSAE 18 standard replaced the SSAE 16. Most requirements remained the same, however, there are some important changes to consider. These changes include maintaining a formal Vendor Management Program, performing periodic Risk Assessments and placing greater emphasis on the monitoring of Subservice Organizations. To learn more about the SSAE 18 audit standard, please visit here.
THERE ARE TWO TYPES OF SOC 1 / SSAE 16 REPORTS
Type 1 – The Type 1 report informs your clients and their auditors that your organization has accurately described its systems and controls, that the described controls are in place, and that the controls are designed to accomplish your financial control objectives. This type of report reflects your organization’s controls as of a specific date in time.
Type 2 – The Type 2 report, in addition to providing the same information as the Type 1 report, verifies that the controls are operating as intended, describes the tests your auditors performed to make that determination, and provides the results of those tests. This type of report reflects your organization’s controls over the course of a specific review period.
HOW CONTROL LOGICS CAN HELP
Our team of experienced certified information security auditors understand the complexities and key differences between each framework and what they mean to your organization. Our goal is to help you achieve compliance quickly and with minimal disruption to your daily business. Our service delivery model is designed to provide an unparalleled client service experience and our friendly audit team takes a collaborative approach towards helping our clients maximize the long-term business value of their audit and compliance activities.
In addition to a streamlined approach, Control Logics offers:
- Competitive, fixed-fee pricing
- Discounts for multi-year contracts
- Reduced on-site fieldwork by using our secure online client portal
- Director-level support and involvement in each phase of the engagement
To see how we can help your organization, contact us today!
FOR ASSISTANCE WITH A SOC 1 / SSAE 16 REPORT, PLEASE COMPLETE THE CONTACT FORM BELOW OR SEND US AN EMAIL AND ONE OF OUR SUBJECT MATTER EXPERTS WILL RESPOND TO YOU SHORTLY.
