A SOC 1 SSAE 18 Report is officially a "Report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls".
SOC 1 SSAE 18 Type 2 Reports will Include the Following Content
- A description of the service organization's "system".
- A written assertion from management of the service organization that fairly presents the service organization’s system as designed and implemented throughout the specified period, and that the controls related to the control objectives stated in the description of the “system” for the service organization were suitably designed to achieve the control objectives as of the specified period.
- A service auditor’s assurance report.
Please keep in mind that the official SOC 1 SSAE 18 Type 2 Report, officially known as "Report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls", may be called any number of the following phrases:
- SOC 1 SSAE 18 Type 2 "Compliance" or "Compliant"
- SOC 1 SSAE 18 Type 2 Service Auditor's Report
- SOC 1 SSAE 18 Type 2 "Report" or "Reporting.
You many even here the phrases "SOC 1 SSAE 18 Certified" or "SOC 1 SSAE 18 Certification", which are incorrect, as the AICPA SSAE 18 standard is not a certification, nor does it result in a service organization being certified. The correct representation would be that your organization is compliant with the SOC 1 SSAE 18 attestation standard, and as such, your organization has been issued a SOC 1 SSAE 18 Type 1 or Type 2 report for evidentiary matter.
Service organizations that are new to the reporting requirements for SOC 1 SSAE 18 would highly benefit from a SOC 1 SSAE 18 Readiness Assessment; a proactive consultative engagement which greatly assists the overall process. Contact Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706, to receive a competitive, fixed fee for all your SOC 1 SSAE 18 and SOC 2 compliance needs.