SOC 1

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of […]

Read More

SOC Vendor Due Diligence for Title Agencies

The American Land Title Association (ALTA) Best Practices Framework has been developed to assist lenders in satisfying their responsibility to manage third party vendors. ALTA members advocate a safe and efficient transfer of real estate and have high standards when searching land title records and preparing insurance documents. To provide the best possible chance of […]

Read More

Does Your SOC Report Address Subservice Organizations Using the Carve Out or Inclusive Method?

By: Peter Clarke, Managing Consultant at A-LIGN A subservice organization is an entity that is used by the service organization to perform some of the services provided to customers (user entities).  An example of a common service provided by a subservice organization would be a company that offers their data center to a cloud provider […]

Read More

How to Differentiate Your Title Agency for Success in a Dynamic Market

By: Blaise Wabo, Senior Consultant at A-LIGN In 2012 the Consumer Financial Protection Bureau (CFPB) released a bulletin related to service providers’ oversight, in which they expect supervised banks and nonbanks (lenders) to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to […]

Read More

Understanding the Impact of Testing Exceptions in Type 2 SOC 1 and SOC 2 Reports

By: Ivan Reyes, Senior Consultant at A-LIGN Standards for Attestation Engagements No. 16 (“SSAE 16”) is an attestation standard whereby a service organization’s auditor issues an opinion on a service organization’s internal controls over financial reporting (ICFR). This is delivered in the form of a Service Organization Controls 1 (“SOC 1”) report. The report represents […]

Read More

How to Gain Efficiencies When Adding PCI DSS to Your SSAE 16 or SOC 2 Report

By: Lori Crooks, Managing Consultant at A-LIGN If you process, store or transmit credit card data and already have a SSAE 16 or SOC 2 report, you might be considering adding on a PCI DSS assessment – and it isn’t as painful as you may think! There are controls, such as physical security, logical access, […]

Read More

5 Steps to Succeed in Your Next Compliance Audit

By: Jay Anthony, President of Audit Liaison, PA Your organization has determined that there is a need for a compliance audit. But you have so many questions or don’t know where to start? A-LIGN has asked us to put together a short guide to help you decide the correct course of action and the steps […]

Read More

A-LIGN Continues to Assist Clients in the Title Insurance and Settlement Services Industry

By: Neil Gonsalves, Director of Assurance and Compliance Services at A-LIGN Director of Assurance and Compliance Services Director of Assurance and Compliance Services We performed one of the very first SSAE 16 examinations for a Top 10 Land Title Underwriter in the U.S. and continue to work with Title Agencies to help them with their […]

Read More

7 New COSO Updates that Impact Your SSAE 16 Report

By: Scott Price, Managing Partner of A-LIGN The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an updated version of its “Internal Control – Integrated Framework” in May, 2013. The changes are a progressive move to align its framework with today’s business operating environment, much like the change from SAS 70 to SOC 1/SSAE […]

Read More

Updating the SOC 1 System Description

By: Sue Wells, Senior Consultant at A-LIGN In preparation for a SOC 1 audit, a service organization’s management is required to provide a system description per the SSAE 16 auditing standards. Until recently, little guidance had been provided to assist service organization management in preparing the system description. In January 2014, the AICPA’s Information Management […]

Read More