SOC 1,2,3 Compliance SSAE 18 Audit Reports

Outsourcing is on the rise despite increasing cybersecurity breaches. In today’s challenging world of Blockchain, AI, IoT, and Cloud, you need to be a step ahead of your competitors. Think of the AICPA SOC report, also known as the SSAE 18 SOC compliance report, as your company’s “Security Best Practices”. You need to demonstrate a level of confidence that your organization can handle your clients’ most confidential and valuable information, and that you have the procedures and controls in place to provide the required assurance. SOC now stands for "System and Organization Controls", formerly known as "Service Organization Controls". SSAE 18 (formerly SSAE 16) SOC compliance reports are often used for Vendor Risk Management and for SOX compliance such as SOX 404. A SOC 2 Type 2 certification (attest) report or SOC 1 Type 2 certification (attest) report provides the much needed SOC compliance and assurance of the operating effectiveness of controls.

Data Security & Privacy are increasing concerns for many organizations. This is especially important where data is regulated or sensitive, as in the case of compliance requirements for HIPAA, PCI, CCPA, GDPR, etc. Cloud environments add to the complexity of the issue. Privacy laws are being enforced that lead to heavy fines or penalties. SSAE 18 (formerly SSAE 16) SOC 2 compliance audits are now commonly used for Cloud Data Security & Privacy controls such as the CSA's Cloud Controls Matrix (CCM), which also covers GDPR controls. Our SOC 2 Type 2 cloud security compliance or audit reports can also cover the C5 cloud standard. A SOC 2 compliance report for privacy covers the TSC (Trust Services Criteria) 2017 Privacy Points of Focus (Control Objectives) or any other specific privacy audit requirement or mandate such as ISO/IEC 27701. The Trust Services Privacy Criteria were formerly known as the Generally Accepted Privacy Principles (GAPP) by the AICPA.

Accedere Inc

Earlier known as SAS 70 reports, then SSAE 16 and now SSAE 18, these SOC compliance reports have been used for several years for internal controls, security, processing integrity, and SOX compliance. The SSAE 18 Auditor or SOC Auditor is also known as a "Service Auditor". The SOC 1 compliance report mirrors ISAE 3402 and the SOC 2 compliance report mirrors ISAE 3000. The SSAE 18 SOC Auditor can issue a joint SSAE 18 SOC Compliance and ISAE report. SSAE stands for Statement on Standards for Attest Engagements. SSAE 18 is the new standard for all SOC reports. In fact, all SSAEs, including SSAE 16, were merged into the SSAE 18 standard, so SSAE 16 and SSAE 18 cannot be compared as alternatives. A SOC compliance report is technically an "Attest Report". The "SOC Certification Audit" is an "SSAE 18 SOC Attest Report", SOC 1 Type 1 or Type 2, or SOC 2 Type 1 or Type 2, for a vendor, third party, or SOX compliance. A Type 2 compliance report is valid for 6 months or 12 months. For the missing period, a SOC Bridge Letter for SOC Type 2 may be issued by the Service Organization.

A SOC 1 compliance report is mainly used for ICFR (Internal Controls over Financial Reporting), in other words for financial data reporting under AT-C 320. A SOC 2 Type 2 compliance audit is mainly used for nonfinancial data reporting. SOC 2 Type 2 compliance uses the TSC as Points of Focus (Control Objectives) under AT-C 205 (formerly under AT 101). The latest TSC 2017 is aligned with the COSO Risk Framework and covers 5 criteria, namely Security (or Common Criteria), Availability, Confidentiality, Processing Integrity, and Privacy. A SOC 2 Type 2 or SOC 1 Type 2 compliance report provides assurance as to whether the controls operated effectively in an environment over a period of time. A SOC 2 Type 1 or SOC 1 Type 1 compliance report covers the controls implemented at a point in time (as of a specific date). SOC 1 audit vs SOC 2 audit: the distinction is mainly financial vs nonfinancial data. Difference between SOC Type 1 and Type 2: a SOC Type 1 report refers to a point in time and controls as implemented, while a Type 2 report refers to a period of time and the operating effectiveness of those controls.


Data in the Cloud is causing nightmares for CIOs and CISOs – Leading Security Reports


Our Cybersecurity Services

Cloud Security Audits

Cloud Security Audits for IaaS, PaaS, and SaaS on Amazon AWS, Azure, and Google platforms, covering VAPT and benchmarking against standards.

SOC 2, ISO 27001 and Cloud STAR Audits

We provide CSA STAR Level 2 compliance for the Cloud Security Alliance with SOC 2 Type 2 and ISO 27001 for Cloud Security and Privacy with CCM controls.

Privacy Compliance Services

With hefty privacy fines, our privacy compliance services can help you understand your compliance with mandates such as GDPR, CCPA, HIPAA, and others. We also offer ISO 27701 Privacy Certification.

Cybersecurity Assessment for Critical Infrastructure

Our team has conducted large projects relating to NERC-CIP, IEC 62443/ISA 99, Critical, and Smart Infrastructure Security.

Our Client Testimonials

SOME TOP DATA BREACHES

FTC imposes USD 5 billion fine on Facebook for the Cambridge Analytica issue.

A criminal hack affecting bookings made on the airline's website and app.

Hackers accessed the reservation database for Marriott's Starwood Hotels.