FAQ: What is SSAE 18 (formerly SSAE 16)?

FAQ: What is SSAE 18 (formerly SSAE 16)?

The SSAE 18 audit standard is a framework for reporting on an examination of controls at a service organization relevant to user entities’ internal control over financial reporting.

Additional FAQs

What is a SOC 2?

The Service and Organization Controls 2 Report, formally known as a Service Organization Controls Report as of the most recent update to the SSAE 18 audit standard. A SOC 2 report

SOC1 vs SOC2: Differences?

At a high-level, SOC1 is about financial controls, while SOC2 focuses on information security controls. They serve different end-user customers and stakeholders.

How does a company get SOC 2 certified?

SOC 2 is not a certification, it’s a third party attestation of the controls in place at your organization. Typically when a company is asking this question though the answer

We have a SOC 2. How much effort is GDPR?

Assuming your Company is subject to GDPR, the level of effort depends a lot on the maturity of Organizational and Privacy controls. The Organizational will be mostly met by implementation

SOC 1 Report – Who needs it?

Organizations that handle financial transactions, especially those impacting external financial statements, are good examples of those who need SOC1 audits.

Get Our Emails

SOC Reporting Guide