How SSAE 16 Impacts Your Business

When you look for a cloud provider, you should make sure that the organization has SSAE 16 compliance. This standard holds technical organizations accountable for providing secure, high-quality services. Understanding the SSAE 16 standard and its benefits will help you find a trustworthy IT service organization.

What Is SSAE 16?

SSAE 16 stands for Statement on Standards for Attestation Engagements No. 16. The American Institute of Certified Public Accountants (AICPA) created SSAE in 2010. They had previously used the 1992 SAS 70 standard for evaluating service organizations. However, with changes in international standards, they needed to develop new guidance that complied with them.

While AICPA oversees the SSAE 16 requirements, the standard covers more than financial reporting. It also investigates an organization’s data security practices. A compliant organization like Prelude Services receives an annual SSAE 16 audit that evaluates internal controls. Service organizations — especially those that manage cloud services — must have sufficient controls and safeguards to defend their clients’ information. SSAE 16 ensures that customers can rely on an organization to manage their data.

SSAE 16 Audit Requirements

The SSAE 16 standards include three different Service and Organization Controls (SOC) Reports — SOC 1, SOC 2 and SOC 3. SOC 1 Reports overview an organization’s financial reporting controls. Meanwhile, the SOC 2 and 3 Reports assess the organization’s non-financial controls. While the SOC 2 Report involves a private, in-depth evaluation, the SOC 3 Report creates a general overview to share with the public. Prelude Services undergoes SOC 1 and SOC 2 audits every year. Every customer gets copies of both reports on an annual basis.

When an auditor creates a SOC 1 Report, they examine the organization’s handling of their client’s financial data. They ensure that the organization has sufficient controls to reach the security objectives they promise their customers.

A SOC 2 Report’s SSAE 16 compliance checklist includes modified Trust Services Criteria. These criteria evaluate the following areas:

• Security: Does the organization safeguard against unauthorized access to data?
• Availability: Are the organization’s information and services readily available?
  Processing integrity: Do the organization’s systems perform their intended functions correctly?
• Confidentiality: When the organization labels information as confidential, does it actually stay confidential?

Benefits for Companies that Use SSAE 16-Compliant Organizations

The following benefits are also maintained:

• HIPAA compliance: When your organization goes through an audit, the auditor will request proof that the services you use practice data security. The report copies you get from Prelude Services act as this documentation. You won’t have to pay the extra cost of sending the auditors to our organization.
• Transparency: You can rest assured that your SSAE-16-compliant service organization will not only keep your data safe but also notify you of any breaches. Copies of the SOC 1 and SOC 2 reports inform you of the organization’s exact security practices.
• Functionality: Your services and data will work correctly, and you’ll have fair access to your information.

Witness the SSAE 16 Standard

Nationally recognized audit firms create yearly SOC 1 and SOC 2 Reports for Prelude Services. We use these evaluations to stay accountable to our valued customers. Discover more about our standards, and contact us today for more information.