SSAE16 Compliant Hosting
Statement on Standards for Attestation Engagements (SSAE) 16 was created to update the US service organization reporting standard so it complies with the new international service organization reporting standard – ISAE 3402.
For service organizations that currently have a SAS 70 service auditor’s examination (“SAS 70 audit”) performed, some changes will be required to effectively reporting under the new SSAE16 standard.
THE SSAE16 Type II COMPLIANT Foundations
All of Logicworks’ operations, data centers and cloud infrastructure architectures are governed and constructed by SSAE16 compliance protocols.
We work with our customers to provide seamless and fully considered protocols for SSAE16 Type II compliance procedures, including:
Who should consider?
- Firms that have been received requests from their clients to provide a Type II Report
- Firms that want to eliminate the amount of non-billable hours to assist the customer’s request to test related controls
- Firms that need to respond to Due Diligence Questionnaires
What does it entail?
- Test control activities
- Perform walk-through of related processes
- Identify and control design deficiencies
- Provide a Type II report
- All SSAE16 Type II reports address internal controls over financial reporting, including information systems as they relate to financial statement assertions
- System description
- Control objectives specified by management
- Risk identification
- Controls that address risks
- Basis for assertion
- Management’s assertion
- Service auditor’s report
Logicworks’ compliance audit extends to our customers providing the following benefits:
- Reduces cost of engaging outside auditors.
- Identifies control gaps within the control environment and baseline against best practices.
- Helps mitigate or eliminate multiple request from prospective clients, clients and their auditors.
- Utilizes SOC reporting as a product differentiator from the competition.
- Assists in investor or client due diligence and selection process.
- Mitigates reputational risk via defined and tested controls and procedures.
- Improves operational efficiency and risk management.
- Increases transparency via third party evaluation