SSAE 16 SOC 1 Type 2 Compliant
BizTech completes stringent and comprehensive third-party examinations each year to obtain SSAE 16 SOC 1 Type 2 Compliance. This ensures that specific control objectives are designed appropriately and functioning at optimal performance.
What is SSAE 16 SOC 1 Type 2 Compliance?
After almost 20 years in existence, the SAS 70 auditing standard has been replaced by the new AICPA Statement on Standards for Attestation Engagements (SSAE) No. 16. The primary differences between a SAS 70 report and an SSAE 16 report are that the service organization must (1) include management’s description of the organization’s system and (2) provide a written assertion from management that the system in place is designed to meet the organization’s control objectives. Within SSAE 16 standards, the Service Organization Control (SOC) framework includes SOC 1 with Type 1 and Type 2, SOC 2 and SOC 3 reports. These reports all focus on reporting the controls and operating effectiveness of service organizations.
Within this framework, BizTech, as a managed services / hosting provider involved in IT-related processes, has completed a SOC 1 Type 2 audit, resulting in an SSAE 16 SOC 1 Type 2 Report: “Reporting on Controls Relevant to Internal Control over Financial Reporting (ICFR)”. SOC 1 reports are geared to organizations that undertake fiduciary responsibilities for their clients that are ICFR related, that is, their financial controls are related to financial reporting.
In 2011, BizTech received an SSAE 16 SOC 1 Type 2 Report: “Reporting on Controls Relevant to Internal Control over Financial Reporting (ICFR)”, performed by independent auditors, NDB Accountants & Consultants, LLP.
The following areas were tested and evaluated as part of BizTech’s SSAE 16 SOC 1 Type 2 audit:
- Organization and Administration (Executive Tone)
- Organization and Administration (Human Resource)
- Client Control Process (Sales, Administrative and Legal)
- Client Provisioning Process and Project Planning (Operational and Technical)
- Customer Support Services and Incident Management
- Managed Services Security Host and Operating System Security
- Managed Services Database Security
- Managed Services System Security and Reliability
- Managed Services Vendor Management
- Change Management
- Logical Security
- Network Security
- Physical Security, Corporate and Data Center Facilities
- Environmental Security, Corporate and Data Center Facilities
- Computer Operations
- Business Continuity and Disaster Recovery Planning
Why is SSAE 16 SOC 1 Type 2 Compliance Important?
An assortment of government-compliance regulations has been created over the past several years, including the standards imposed by the Sarbanes-Oxley Act of 2002. Under Section 404 of the Sarbanes-Oxley Act (SOX), most companies require an SSAE 16 SOC compliance report from their service providers to evaluate controls, data centers, security, backup and system availability.
SSAE 16 SOC 1 Type 2 Compliance is the new de facto method of permitting a service provider to disclose control activities and processes to their customers in a consistent and reliable format. An SSAE 16 SOC 1 Type 2 Compliance report includes the independent auditors’ provisions for the organization to consistently and accurately execute the company’s documented control environment and the effectiveness of such controls at protecting information assets from security and availability threats. Additionally, the SOC 1 Type 2 report includes a description of the organization’s systems and management assertions that the system in place is designed to meet the organization’s control objectives.
The SSAE 16 SOC 1 Type 2 audit is not a one-time process. Utilizing a six-month testing period, BizTech conducts annual audits in order to verify compliance, so clients can be assured the controls and procedures in place are effective and they will be in compliance when hosting with BizTech.
For more information on SSAE 16 and SOC 1 Type 2 Reports: http://www.ssae16.org/
In the midst of a new era of identity theft, the credit industry is now proactively enforcing adherence to PCI DSS requirements to safeguard credit cardholder information. BizTech offers expert personnel and proven PCI-specific procedures to help guide your company through the entire PCI compliance process, helping move your business forward.