SOC 1

SOC 1 or SOC 2: Which Is Right for My MSP?

SOC 1 or SOC 2: Which Is Right for My MSP?

Managed service providers (MSPs) provide a valuable service by enabling companies of all sizes to outsource their key information technology processes. Many of those companies who look to engage an MSP ask whether a SOC 1 or SOC 2 Examination has been completed to assess the MSP’s security posture.

Read More

The SOC 1 Examination Process

Do you understand the SOC 1 examination process? Our assessors take you from scoping through report delivery to understand all of the steps needed to complete an examination.

Read More

Everything You Need to Know About Bridge Letters

Bridge letters are an important element of SOC 1 and SOC 2 examinations that you may not be aware of and can help provide your clients with additional confidence regarding the effectiveness of your organization’s controls environment at no additional cost or time.

Read More

SOC Reports: Type 1 vs Type 2 vs Readiness Assessment

Type-1-vs-Type-2-vs-Readiness-Assessment

Your client requested a SOC report, but what’s next? For organizations seeking a SOC 1, SOC 2, or ISAE 3402, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation.

Read More

Third-Party Vendor Management Best Practices

The SOC 1 standard requires that service organizations implement and describe their vendor management practices for third-party service organizations. In order to help organizations meet these updated requirements, our assessors have assembled a list of vendor management best practices to help organizations, better-manage third-party vendors. What is Third-Party Management? Third-party management is the process whereby companies monitor […]

Read More

SOC 1 for Payroll Providers

Why are people asking my payroll company for a SOC 1 report? Payroll is one of the most commonly outsourced business functions, making SOC 1 necessary to ensure to clients that payments are made accurately and in a timely fashion to the necessary parties. Penalties for failing to file or pay taxes, or other fees […]

Read More

Making the Switch from SSAE 16 to SSAE 18

When service organizations receive a SOC 1 examination, it is performed under the SSAE 16 or “Statements on Standards for Attestation Engagements 16, Reporting on Controls at a Service Organization” standard. In the Spring 2016, The AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of the SSAE […]

Read More

What are the differences between ISAE 3402 and SSAE 16?

The preferred reports for service organizations with direct impact on internal controls over financial reporting of their clients are the SSAE 16 (Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was issued by the Auditing Standards Board of the American Institute of Certified Public Accountants) and ISAE 3402 […]

Read More

The Do’s and Don’ts of Bridge Letters (SSAE 16 Reporting)

You finally received your SOC 1/SSAE 16 report, only to realize that your coverage does not cover the entire year. So what happens in the remaining months of the year beyond the coverage of the report? Is it necessary that you receive another report to cover the remainder of the year? Does your previous report […]

Read More

Provide Peace of Mind to Lenders and Consumers with the A-LIGN Difference

The A-LIGN Difference = Peace of Mind + Trusted Advisor + Competitive Advantage Most lenders/stakeholders now ask title insurance and settlement companies to demonstrate compliance with ALTA’s Best Practices. There exists a lot of uncertainty and confusion in the industry as to how a title insurance and settlement company can demonstrate compliance with ALTA’s Best […]

Read More