Questions and Answers

Common questions on rapidly changing compliance regulations

Get A Fixed Fee Quote Today Request a Free Quote

SSAE 16 and ISAE 3402 share a common framework  that is a direct result of a convergence of accounting standards between the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) and global standard setting framework advocated by The International Federation of Accountants (IFAC) and other relevant parties.  In short, both SSAE 16 and ISAE 3402 represent the migration towards global accounting standards and have a framework which is highly similar.

That's not to say they are identical, because they are not, but their differences essentially relate to technical reference used by service auditors and other minor issues, such as restricting the use of Service Auditor's Report, what constitutes "complete" documentation, and engagement acceptance criteria.  Learn more about NDNB's complimentary SOC 1 Policy Packets and SOC 2 Policy PacketsThey truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.

Additionally, SSAE 16 is known as an "attestation" standard, while ISAE 3402 is an "assurance" standard, and though technically different, they both require management to provide a description of its "system" and a written statement of assertion.

In summary, SSAE 16 and ISAE 3402 are highly similar, sharing a common framework for reporting on controls at service organizations. It is too early to tell which of these two standards (or any remaining country | region specific standards) will take root and become widely used, much like that of SAS 70, the standard-bearer for over 18 years.

Since 2006, NDNB has been setting the standard for security & compliance regulations