Get A Fixed Fee Quote Today Request a Free Quote

  • Home
  • Glossary
  • Complimentary User Entity Controls | SSAE 16 Compliance | ssae16.org

Complimentary User Entity Controls | SSAE 16 Compliance | ssae16.org

Complimentary user entity controls are those controls for which management of the service organization assumes will be in place at user entities in regards to the actual services being performed by the service organization.  These complimentary user entity controls are a critical component of any SSAE 16 assessment, as it illustrates to the intended user of the report that the user entity has certain roles, responsibilities, and obligations in helping the service organization achieve the control objectives stated in the description of the "system".  Thus, it is common to list these complimentary user entity controls within the description of the "system" for an SSAE 16 Type 1 and Type 2 assessment. Common examples of user entity controls include the following:

  • Implementation of sound and consistent internal controls regarding general I.T. system access and system usage appropriateness for all internal user entity components associated with the service organization.
  • Timely removal of user entity accounts for any users who have been terminated and were previously involved in any material functions or activities associated with the service organization.
  • Transactions for user entities relating to the service organization are appropriately authorized and transactions are secure, timely, and complete.
  • For user entities sending data to the service organization, data must be protected by appropriate methods for ensuring confidentiality, privacy, integrity, availability, and non-repudiation.

Please note, that the term complimentary "user entity controls" may also be expressed as "user organization controls", "complimentary customer controls" or any other similar name or phrase.

Lastly, if your organization is considering undertaking an SSAE 16 assessment, then you will need to gain a strong understanding of the Internal Control over Financial Reporting (ICFR) concept as it relates to SSAE 16 compliance.

Additionally, NDNB Accountants & Consultants also offers SSAE 16 Readiness Assessments and cost-effective, fixed-fee SSAE 16 Type 1 and Type 2 reporting.

Please contact Christopher Nickell, CPA, at 1-800-277-5415, ext. 706, if you are interested in learning more about NDNB's services and our competitive, fixed-fee assessments.

Since 2006, NDNB has been setting the standard for security & compliance regulations