Yes. Statement on Standards for Attestation Engagements (SSAE) No. 16 is effectively replacing the long-standing Statement on Auditing Standards No. 70 (SAS 70). SSAE 16 becomes effective for reporting periods that end on or after June 15, 2011. Additionally, SSAE 16 is an “attestation” standard, whereas SAS 70, introduced in 1992, was that of an “auditing” standard. It’s also important to note that service organizations under SSAE 16 have new reporting requirements, the two most notable being the following:
Under SAS 70, service organizations provided a description of one’s “controls” and were not required to provide a written assertion by management. Because of these new reporting requirements for SSAE 16, service organizations should consider engaging with a qualified CPA firm in providing an SSAE 16 Readiness Assessment; a useful and proactive engagement for helping service organizations clearly understand all critical aspects of the SSAE 16 attestation standard. Learn more about NDNB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.
Along with the introduction of SSAE 16, which is a U.S. standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), comes ISAE 3402, the global standard for assurance reporting on controls at service organizations.
SSAE 16, ISAE 3402, and other country and region specific standards will effectively become the dominant players for third party reporting on controls at service organizations.