July 17, 2012
SSAE 16 Professionals has assembled top tier talent whose sole focus is on helping Service as a Software (SaaS) companies undergo the SSAE 16 (SOC 1) or SOC 2 audit
IRVINE, Calif., July 17 — SSAE 16 Professionals has unveiled a specialty service line focusing on SSAE 16 (SOC 1) and SOC 2 reports for Software as a Service (SaaS) companies. In today's demanding and competitive marketplace, small and medium sized businesses are increasingly looking to reduce costs by leveraging Software as a Service (SaaS). Samples of SaaS include customer relationship management (CRM), enterprise resource planning (ERP), invoicing, human resource management (HRM), content management (CM) and service desk management. Customers like SaaS because it provides an efficient business model of providing web-based services to customers over the Internet/cloud, plus there is no need to employ expensive software developers in-house to develop, maintain, and upgrade software. Additionally, SaaS companies provide technical support, physical and logical security and built-in support for business continuity and flexible working. Given the dependence user organization's put into internal controls at SaaS, many customers want to review the SaaS' SSAE 16 or SOC 2 report for the comfort and transparency it provides.
"Many Software as a Service (SaaS) companies are choosing SSAE 16 Professionals to perform their SSAE 16 audit because of our personalized approach," says Jim Jimenez, managing partner at SSAE 16 Professionals. "We have a unique blend of expertise coupled with good old fashioned client service."
SSAE 16 (SOC 1) Reports, which have effectively replaced SAS 70 reports, will be prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SOC 1 reports retain the original purpose of SAS 70 by providing a means of reporting on the system of internal control for purposes of complying with internal control over financial reporting. The Sarbanes-Oxley Act (SOX) requires publicly traded companies to perform an annual financial statement audit, which includes key processes that may impact the company's financial statements. If these public companies outsource one of these key processes to your company, you will need to undergo an SSAE 16 (SOC 1) audit. The SSAE 16 report can eliminate the need for your company to be subject to multiple audits from your customers and their respective auditors, most likely eliminating the need for your company receiving multiple visits from your customers' auditors, which can place a huge strain and operational burden on your company's limited resources.
In the past, SAS 70 reports encompassed financial reporting controls, operational controls, and compliance controls. SSAE 16 SOC 1 reports, which have effectively replaced SAS 70 reports, will be prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SSAE 16 SOC 1 reports can no longer be used for any other purpose except for reporting on the system of internal control for purposes of complying with internal control over financial reporting. For reports that are not specifically focused on internal controls over financial reporting, the AICPA has issued an interpretation under AT Section 101 permitting service auditors to issue reports. These reports will now be considered SOC 2 audit reports. SOC 2 reports will focus on controls at a service organization relevant to one or more of the following Trust Services principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
SSAE 16 (SOC 1) and SOC 2 Type I and Type II Audit Reports
SSAE 16 and SOC 2 Readiness Reviews
Additionally, many service organizations undergoing the SSAE 16 or SOC 2 audit for the first time choose to perform a SSAE 16 or SOC 2 Readiness Assessment. SSAE 16 and SOC 2 Readiness Assessments are consulting engagements that are designed to assist service organizations in assessing their preparedness for a SSAE 16 or SOC 2 audit. SSAE 16 Professionals works collaboratively with management teams to perform a detailed readiness review and provide a gap matrix that identifies controls that would pass right away, controls that would partially fail, and controls that would fail and require remediation (in priority order with recommendations for remediation). Some firms go right into the SSAE 16 or SOC 2 audit and realize there are issues which result in a qualified opinion. By that time, the service organization has spent a lot of time and money only to get a qualified report (which is useless to both the service organizations and its clients).
Benefits of Performing a SSAE 16 or SOC 2 Audit
There are many benefits of performing an SSAE 16 or SOC 2 audit, including:
The SSAE 16 Professionals Difference
SSAE 16 Professionals differentiates itself from local, regional, national, and "Big 4" CPA firms in several distinct ways
About SSAE 16 Professionals
SSAE 16 Professionals is a leading provider that specializes solely in SSAE 16 readiness reviews, SSAE 16 Type I Reports, SSAE 16 Type II Reports, and other IT audit and compliance reports. Each of our professionals has over 10 years of relevant experience at "Big 4" and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control) and/or MBA (Master of Business Administration). For more information, visit http://www.SSAE16Professionals.com.
Source: SSAE 16 Professionals
10/30/2013 | Cray, DDN, Mellanox, NetApp, ScaleMP, Supermicro, Xyratex | Creating data is easy… the challenge is getting it to the right place to make use of it. This paper discusses fresh solutions that can directly increase I/O efficiency, and the applications of these solutions to current, and new technology infrastructures.
10/01/2013 | IBM | A new trend is developing in the HPC space that is also affecting enterprise computing productivity with the arrival of “ultra-dense” hyper-scale servers.
Ken Claffey, SVP and General Manager at Xyratex, presents ClusterStor at the Vendor Showdown at ISC13 in Leipzig, Germany.
Join HPCwire Editor Nicole Hemsoth and Dr. David Bader from Georgia Tech as they take center stage on opening night at Atlanta's first Big Data Kick Off Week, filmed in front of a live audience. Nicole and David look at the evolution of HPC, today's big data challenges, discuss real world solutions, and reveal their predictions. Exactly what does the future holds for HPC?