SSAE 18 – SOC AUDIT AND ATTESTATION SERVICES
Organizations continue to outsource parts of their business to realize potential cost benefits, to alleviate the need for hiring or retaining internal specialists and/or to create more flexibility to realize their business strategy.
Customer need assurance over the services that they outsource. SSAE reports provide assurance that the controls are in place at the vendor organization that are beyond financial controls like system and data protection controls.
SOC 2 report demonstrates the independent auditor’s review of controls implemented at the Service Organization to mitigate these risks effectively.
AICPA introduced various types of SOC reports that meet the requirements of the engagement.
SOC 1
- Mainly Financial Related and Operational Controls
- Controls that may affect financial statement
SOC 2
- Trust Principles
- Defined list of criteria
- Restricted Use
SOC 3
- Trust Principles
- Can be Shared with General Public and on the website
Assurance reports play an important role in management control. In the USA, the new SSAE 18 standard was introduced in 2016 and implemented in 2017.