SOC Compliance SSAE 18 Audit
Outsourcing is on the rise despite increasing cybersecurity breaches. In today’s challenging world of Blockchain, AI, IoT, and Cloud, you need to be a step ahead of your competitors. Think of the AICPA SOC report, also known as the SSAE 18 SOC compliance report, as your company’s “Security Best Practices”. You need to demonstrate a level of confidence that your organization can handle your clients’ most confidential and valuable information and has the procedures and controls in place to provide the required assurance. SOC now stands for System and Organization Controls, formerly known as Service Organization Controls. SSAE 18 SOC compliance reports are often used for Vendor Risk Management and for SOX compliance such as SOX 404. A SOC 2 Type 2 certification (attest) report or SOC 1 Type 2 certification (attest) report provides the much-needed SOC compliance and assurance of the operating effectiveness of controls.
Data Security & Privacy are increasing concerns for many organizations. This is especially important where data is regulated or sensitive, as in the case of compliance requirements for HIPAA, PCI, CCPA, EU-GDPR, etc. Cloud environments add to the complexity of the issue. Privacy laws are being enforced that lead to heavy fines or penalties. SSAE 18 SOC 2 audits are commonly used for Cloud Data Security & Privacy controls using the CSA's Cloud Controls Matrix (CCM) that cover GDPR controls. Our SOC 2 for cloud reports can also cover the C5 cloud standard. A SOC 2 for Privacy covers the TSC 2017 privacy points of focus (control objectives) or any other privacy mandate.
Formerly known as SAS 70 Compliance reports, then SSAE 16 and now SSAE 18, these SOC compliance reports have been used for several years for security and SOX compliance. The SSAE 18 SOC Auditor is also known as the Service Auditor. The SOC 1 compliance report mirrors ISAE 3402, and the SOC 2 compliance report mirrors ISAE 3000. The SSAE 18 Service Auditor or SOC Auditor can issue a joint SSAE 18 SOC Compliance and ISAE report. SSAE stands for Statement on Standards for Attest Engagements. SSAE 18 is the new standard for all SOC reports. In fact, all SSAEs, including SSAE 16, were merged into the SSAE 18 standard, so we cannot actually compare SSAE 16 vs SSAE 18. A SOC compliance report is technically an "Attest Report". The "SOC Certification Audit" is actually an "SSAE 18 SOC Report" for vendor, third-party, or SOX compliance. A Type 2 report is valid for 6 months or 12 months. For a missing period, a SOC Bridge Letter is issued.
A SOC 1 report is mainly used for ICFR (Internal Controls over Financial Reporting), in other words for Financial Data reporting under AT-C 320. A SOC 2 audit is mainly used for Non-Financial Data reporting. SOC 2 compliance uses the Trust Services Criteria (TSC) as Points of Focus (Control Objectives) under AT-C 205 (formerly under AT 101). The latest TSC 2017 is aligned with the COSO Risk Framework and covers 5 criteria, namely Security (or Common Criteria), Availability, Confidentiality, Processing Integrity and Privacy. A SOC 2 Type 2 or SOC 1 Type 2 compliance report provides assurance on whether the controls operated effectively in an environment. A SOC 2 Type 1 or SOC 1 Type 1 compliance report covers controls implemented at a point in time (as on a specific date). The SOC compliance reports can satisfy the need for SOX compliance such as SOX 404. The difference between SOC 1 and SOC 2 is mainly financial versus non-financial data. The difference between SOC 2 Type 1 and Type 2 is that Type 1 refers to a point in time and Type 2 refers to a period of time.
Data in the Cloud is causing nightmares to CIOs and CISOs – Leading Security Reports
Our Cybersecurity Services
Cloud Security Assessment
Cloud Security Assessments for IaaS, PaaS and SaaS on Amazon AWS, Azure, Google platforms covering VAPT and Benchmarking against Standards.
SOC 2 and Cloud STAR Attestation
We provide CSA STAR compliance for Cloud Security Alliance with SOC 2 Type 2 for Cloud Security and Privacy with CCM controls.
Privacy Assessment & Attest Services
With hefty Privacy fines, our privacy audit services can help you understand your compliance with mandates such as GDPR, CCPA, HIPAA and others.
Cybersecurity Assessment for Critical Infrastructure
Our team has conducted large projects relating to NERC-CIP, IEC 62443/ISA 99, Critical, and Smart Infrastructure Security.
Our Client Testimonials
Accedere Inc has been conducting SOC-2 Audits for Ricoh Data Centres and Cloud Services for the last 3 years. Audits done by your team were always completed in a timely & professional manner.
Subsequent informal discussions with your good self & knowledge sharing sessions on the Network-Security domain with the teams at regular intervals are appreciable.
It’s great to have a business association with Accedere Inc.
We at Jio Data Center Operations would like to thank you and extend our sincere appreciation for all your devoted contributions & commitment towards our SSAE18 SOC 1 & 2 certification process.
As an industry veteran with deep knowledge of the domain, you have made the entire process so seamless, especially considering the number of functions & controls involved. You have also helped us to create integrated controls. You have been so diligent, honest and systematic in approach throughout the process.
We thank you once again and look forward to sustaining the partnership. Wishing you all the best!!!