SOC 1/SSAE 18 reporting provides assurance regarding the controls at a service organization relevant to the user entities’ internal control over financial reporting, set forth by the Statement on Standards for Attestation Engagements No. 18 (SSAE 18), which focuses on internal controls at services organizations that affect their clients’ financial statements.
SSAE 16 vs. SOC 1/SSAE 18 Reporting
Obtaining a SOC 1/SSAE 18 report differentiates your service organization by demonstrating the establishment of effectively designed controls, which subsequently provides clients with peace of mind to engage with your organizations.
The SSAE 18 audit standard superseded the SSAE 16 report, effective May 1, 2017. Any report issued with an opinion date on or after May 1, 2017, will be issued under the new SSAE 18 standard. The major changes present in SSAE 18 include:
- Vendor Management
- Complementary Subservice Organization Controls
- Written Assertion Requirement
Benefits of Obtaining a SOC 1/SSAE 18 Report
Obtaining a SOC 1/SSAE 18 report allows user auditors to reduce the amount of audit testing and rely on the service auditor’s report regarding the internal controls at the service organization. Other benefits include:
- Gaining a competitive advantage against similar service organizations who have not received a SOC 1/SSAE 18 report
- The ability to meet contractual requirements
- Benchmark your controls
- Revenue growth due to an increase in clientele
- Increased client satisfaction due to a sense of security over sensitive information
Why Choose A-LIGN?
A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider approach as a HITRUST CSF Assessor firm, Qualified Security Assessor Company, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, accredited FedRAMP 3PAO and licensed CPA firm. Working with small businesses to global enterprises, A-LIGN experts and its proprietary compliance management platform, A-SCEND, are transforming the compliance experience enabling an anytime, anywhere approach to audits.