SOC 1 / SSAE 18 Report
Cost-Effective, Stress-Free Assessment
WHAT IS A SOC 1 / SSAE 18 REPORT, AND WHY DO I NEED ONE?
A System and Organization Controls or SOC 1 / SSAE 18 report is a formal audit of a service provider’s controls that affects their client’s internal control over financial reporting. SOC 1 / SSAE 18 reports, formerly known as SAS 70 and SSAE 16 reports, are specifically intended to meet the requirements of the entities that use service organizations and those entities’ financial statement auditors.
Effective May 1, 2017 the SSAE 18 audit standard superseded the SSAE 16. This update is intended to help simplify and unify international attestation standards. Most requirements remained the same, however, some key changes include:
- Stronger focus on Risk Assessment
- Formal Vendor Management Program
- Monitoring Subservice Organizations
- Written Assertion Requirement
By obtaining a SOC 1 / SSAE 18 attestation report that is performed by a third-party CPA firm, not only are you providing an increased level of confidence to your clients but also adding significant value to your service organization. A successful SOC 1 / SSAE 18 audit will differentiate your organization from your competitors by demonstrating the establishment of an effective control environment and a commitment to the security of your client’s data and confidential information.
THERE ARE TWO TYPES OF SOC 1 REPORTS
Type 1 – The Type 1 report informs your clients and their auditors that your organization has accurately described its systems and controls, that the described controls are in place, and that the controls are designed to accomplish your financial control objectives. This type of report reflects your organization’s controls as of a specific date in time.
Type 2 – The Type 2 report, in addition to providing the same information as the Type 1 report, verifies that the controls are operating as intended, describes the tests your auditors performed to make that determination, and provides the results of those tests. This type of report reflects your organization’s controls over the course of a specific review period.
HOW CONTROL LOGICS CAN HELP
Our team of experienced certified information security auditors understand the complexities and key differences between each framework and what they mean to your organization. Our goal is to help you achieve compliance quickly and with minimal disruption to your daily business. Our service delivery model is designed to provide an unparalleled client service experience and our friendly audit team takes a collaborative approach towards helping our clients maximize the long-term business value of their audit and compliance activities.
In addition to a streamlined approach, Control Logics offers:
- Competitive, fixed-fee pricing
- Discounts for multi-year contracts
- Reduced on-site fieldwork by using our secure online client portal
- Director-level support and involvement in each phase of the engagement
To see how we can help your organization, contact us today!
FOR ASSISTANCE WITH A SOC 1 / SSAE 18 REPORT, PLEASE COMPLETE THE CONTACT FORM BELOW OR SEND US AN EMAIL AND ONE OF OUR SUBJECT MATTER EXPERTS WILL RESPOND TO YOU SHORTLY.