Compliance White Papers

Taking the hassle out of staying compliant

Get A Fixed Fee Quote Today Request a Free Quote

SOC 2 compliance is quickly become a hot topic in today's world of technology and cloud computing, and as such, service organizations should take note of 5 important items regarding this specific Service Organization Control (SOC) reporting framework.

1. SOC 2 compliance is part of the AICPA Service Organization Control (SOC) reporting platform. In an effort to dramatically revamp reporting on service organizations (and to align with the growing trend of globally accepted accounting principles), the American Institute of Certified Public Accountants (AICPA) launched the SOC reporting platform, for which there are three (3) reporting options: SOC 1, SOC 2, and SOC 3.

SSAE 16 SOC 1 Type 2 reports are being issued at a feverish pace these days, thanks in large part to the launch of the American Institute of Certified Public Accountants' (AICPA) Service Organization Control (SOC) reporting framework, which consists of SOC 1, SOC 2 and SOC 3 reporting options.  In today's alphabet world of regulatory compliance mandates, it's vitally important you learn about SSAE 16 SOC 1 Type 2 reports, thus take note of the following 5 points:

1.  Say Hello to SSAE 16 and Goodbye to SAS 70.  Statement on Auditing Standards No. 70 (SAS 70) was a widely used reporting tool for service organizations all throughout the globe. However, the migration towards more globally accepted accounting principles has put SAS 70 in the rearview mirror, with ISAE 3402 and SSAE 16 racing down the regulatory compliance highway together at full speed.

SOC 1 Type 2 reports are part of the new AICPA Service Organization Control (SOC) reporting framework, and as such, there are a number of critical points your organization should now about regarding the new reporting standard that has effectively replaced SAS 70 for reporting periods ending on or before June 15, 2011.  Take note of these following 5 issues regarding SOC 1 Type 2 reporting:

1.  SAS 70 has been replaced. After almost 20 years of faithful service, Statement on Auditing Standards No. 70 is with us no more.  It became a very well-known (but often misused) auditing standard for reporting on controls at service organizations, over time becoming the de-facto global standard for which all other reporting options were measured against.

You can purchase the official SSAE 16 audit guide from the American Institute of Certified Public Accountants’ (AICPA) website, or you can simply visit the official SSAE 16 Resource Guide at ssae16.org.  As a comprehensive website dedicated solely to Statement on Standards for Attestation Engagement No. 16, the official SSAE 16 Resource Guide was developed by NDNB Accountants & Consultants, a nationally recognized IR CPA firm specializing in regulatory compliance for businesses throughout North America and abroad.   Thus, you’ll find a wealth of information regarding the new AICPA attest standard that effectively replaced the aging SAS 70 auditing standard for reporting periods ending on or after June 15, 2011. Specifically, NDNB’s own SSAE 16 audit guide provides relevant, up-to-date information on the following subject matter:

SSAE 16 audits are commonly performed on entities that perform outsourcing functions on behalf of their clients. Known in the world of regulatory compliance as “service organizations”, these organizations have historically undergone SAS 70 compliance audits, but much has changed with the advent of the new AICPA Service Organization Control (SOC) reporting framework.  Specifically, Statement on Standards for Attestation Engagements No. 16 (SSAE 16) has effectively replaced the aging SAS 70 auditing standard for reporting periods ending on or after June 15, 2011.  This has resulted in many service organizations simply migrating from SAS 70 to SSAE 16 in hopes of continuing to achieve compliance with the new de facto standard for reporting on controls at service organizations.  Though the transition from SAS 70 audits to SSAE 16 audits may seem rather straightforward, there are a number of significant changes that service organizations should be aware of. Furthermore, these changes may also impact  cost and scope considerations for the SSAE 16 audit itself.

Looking for SSAE 16 guidelines and other helpful information for ensuring your SOC 1 SSAE 16 Type 1 or Type 2 assessment is a success? Then take note of these important points you need to know about regarding Statement on Standards for Attestation Engagements No. 16.  Additionally, you can learn more about these 5 important points along with other helpful SSAE 16 guidance when you visit the official SSAE 16 Resource Guide, developed by NDNB Accountants & Consultants.

1. Goodbye to SAS 70: After almost 20 years as being the global de facto auditing standard for reporting on controls at service organizations, the SAS 70 auditing standard has effectively been replaced by SSAE 16. In short, for reporting periods ending on or after June 15, 2011, the SAS 70 auditing standing is no longer valid, thus you'll need to migrate to the SSAE 16 assessment standard.

Since 2006, NDNB has been setting the standard for security & compliance regulations