SSAE 16 Certification - The New Standard in Town - Vendor Portal Expert


SSAE 16 certification for Vendor Portals – There is a new standard in town.

In April 2010, the American Institute of Certified Public Accountants (AICPA) created a new standard for in-depth audits of third-party service organizations. This new certification was called the Statement on Standards of Attestation Engagements Number 16, or SSAE 16. It replaced the Statement on Auditing Standards Number 70, or SAS 70.

The AICPA felt it necessary to make the changes because the SAS 70 regulation was never designed for certain service organizations that offer colocation, managed dedicated servers or cloud hosting services.

Additionally, SAS 70 did not set any standards for data center excellence; it merely verified that the controls and processes put in place by a data center were followed. Nor does any certification exist for SAS 70, only an auditing process. The problem was that the data center service industry required some certification of excellence.

The two chief alterations in SSAE 16 are that the standard not only verifies controls and processes but also requires a written assertion regarding the design and operating effectiveness of the controls being reviewed.

The SSAE 16 audit results in a Service Organization Control (SOC) report. The SOC report focuses on internal controls over financial reporting and comes in several variations that are important for all of us to understand. There is a great breakdown of the three different types of SOC reporting on the Online Tech website.

“A SOC 1, Type 1 report focuses on the auditors’ opinion of the accuracy and completeness of the data center management’s design of controls, system and/or service. A SOC 1, Type 2 report includes Type 1 and an audit on the effectiveness of controls over a certain time period, normally between six months and a year.

SOC 2 and SOC 3 provide pre-defined, standard benchmarks for controls related to the security, availability, processing integrity, confidentiality, or privacy of a system and its information.

SOC 3 report is for general use, and provides a level of certification for data center operators that assure data center users of facility security, high availability and process integrity. While a SOC 2 report includes service auditor testing and results, a SOC 3 report provides only the system description and auditor opinion.”

SSAE 16 Certification Elements for Vendor Portals

Each SOC engagement requires the use of suitable criteria to evaluate the subject matter. Suitable criteria must have the following attributes.

Objective

Criteria should be free from any forms of bias.

Measurable

Controls should allow reasonably consistent measurement of the subject matter, both qualitative and quantitative.

Complete

The criteria must be sufficiently complete to include all applicable factors that would modify a decision about the subject matter.

Relevant

All of the criteria must be critical and pertinent to the subject matter.

In my experience, the SSAE 16 certification is a much more difficult standard as it forces the auditors to evaluate the ongoing commitment of management to continually evaluate and improve their controls. A healthy organization needs to be actively asking the question of how they can improve their controls and they need to document their efforts.

When considering a provider for your Vendor Portal you must insist on that provider having a current SSAE 16, SOC 1, Type 2 certification. It is very important that you accept nothing less.

Joe Flynn

Joe is the Founder of Lavante, Inc. In 2001, Joe co-founded Lavante Inc. (formerly AuditSolutions LLC) with the vision of transforming the traditional manual-based AP audit recovery industry through the use of sophisticated on-demand technologies.
