Expert Technology and Information Security Consultants

Site
Web

Service Organization Controls (SOC) Reports

With the replacement of the SAS70 with the SSAE16, the AICPA has issued guidance on three new report types that are to be used by organizations to verify an organization's controls over specific processes.

Intrinium has partnered with a AICPA accredited firm to deliver Service Organization Controls (SOC) reports to your organization for use in:

Evaluating the effect of controls over financial statements (SOC 1 Report)
Providing assurance on controls that affect the security, availability and integrity of data an organization uses to process client data to customers or a limited group (SOC 2 Report)
Providing assurance on controls as in the SOC 2 Report, but with more limited description, for use in general publications or marketing (SOC 3 Report)

These reports are useful for a variety of organizations that touch sensitive client data, including:

Core system providers
Cloud service providers
Bulk print companies and statement printers

Utilizing these reports, you can assure your customers that you are adequately protecting their data and gain additional customers. Contact Intrinium for more information regarding this process.

SSAE16 and SAS70

The AICPA has announced a new standard for reporting on controls at service organizations. Since 1992, CPAs have been utilizing the Statement on Auditing Standards (SAS) no. 70. Beginning June 15, 2011, the Statement on Standards for Attestation Engagements no 16 (SSAE16) will take effect, replacing the SAS70.

Interestingly, neither the SAS70 nor the SSAE16 are intended for use by CPAs to describe and evaluate controls processes other than those related to financial reporting. The AICPA states that organizations wishing to report on the effectiveness of controls on processes outside of financial reporting should utilize a different standard for issuing Service Organization Controls (SOC) reports.