Day: October 22, 2022

The SSAE 18 Audit Standard (Updates and Replaces SSAE-16)

SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70. The changes made to the standard this time around will require companies to take more control and ownership of their own internal controls around the identification and classification of risk and appropriate management of third party vendor relationships. These changes, while, not overly burdensome, will help close the loop on key areas that industry professionals noted gaps in many service organization’s reports. SSAE18 is now effective as of May 1, 2017, and if you have not made the necessary adjustments required, now is the time to find a quality provider to discuss the proper steps. All organizations are now required to issue their System and Organization Controls (SOC) Report under the SSAE-18 standard in an SOC 1 Report. The SOC 1 report produced will look and feel very similar to the one issued under SSAE-16, it will just contain a couple additional sections and controls to further enhance the content and quality, and thus, the ability for third parties to rely on. What’s New in SSAE 18? As mentioned above, there are a couple key changes that Companies currently performing a SOC 1 or 2, or, will be performing one in the near future, need to take into consideration this year and going forward. Service Organizations will need to implement a formal Third Party Vendor Management Program Service Organizations will

Read More »

Get Our Emails

SOC Reporting Guide

Popular SSAE Resources