An SSAE 16 Type 1 Report is officially a "Report on management's description of a service organization's system and the suitability of the design of controls".
As such, SSAE 16 Type 1 Reports will include the following content:
- A description of the service organization's "system".
- A written assertion from management of the service organization that fairly presents the service organization’s system as designed and implemented as at the specified date, and that the controls related to the control objectives stated in the description of the “system” for the service organization were suitably designed to achieve the control objectives as of the specified date.
- A service auditor’s assurance report.
As with any new standard, expect a number of commonly used terms and phrases to be associated with SSAE 16 Type 1 reporting, such as the following:
- SSAE 16 Type 1 Service Auditor's Report
- SSAE 16 Type 1 "Compliance" or "Compliant"
- SSAE 16 Type 1 "Report" or "Reporting"
- SSAE 16 "Certified" or SSAE 16 "Certification"
Please note that the phrase "SSAE 16 Certified" or "SSAE 16 Certification" is technically incorrect, as a service organization is NOT becoming "certified" or achieving SSAE 16 "certification". This incorrect terminology rose to prominence in recent years with the huge popularity of the SAS 70 auditing standard, ultimately resulting in organizations proclaiming themselves as SAS 70 "certified".
Service organizations that would greatly benefit from an SSAE 16 Type 1 report are those that have never gone through any type of audit for reporting on controls (such as a SAS 70, CICA 5970, or any other region/country specific standard) and who are seeking to ultimately obtain an SSAE 16 Type 2 report.
Additionally, regardless if your organization is seeking an SSAE 16 Type 1 or Type 2 report, a SSAE 16 Readiness Assessment would be highly beneficial for ensuring you understand the scope of the audit along with the fundamental changes between SSAE 16 and the prior SAS 70 auditing standard.
A competent and highly qualified SSAE 16 auditing firm will be able to provide your organization with an SSAE 16 Readiness Assessment. Additionallly, learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.
Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to receive a competitive, fixed fee for all your SOC 1 SSAE 16 and SOC 2 compliance needs.