Who is sas 70 certified

The SSAE 16 has been around long enough now to have gained popularity and familiarity by both service organizations and their clients. However, we still receive a fair amount of questions regarding the purpose of an SSAE 16 audit report, the components, and the benefits of a service organization obtaining an SSAE 16 audit report.

An SSAE 16 report allows organizations to assess the risks associated with doing business with particular service providers. They are similar in many ways, but the key difference is the period of time covered by the report. There are several benefits associated with obtaining an SSAE 16 audit report. First, it is a great way to demonstrate your commitment to delivering high quality services to your clients. It is also an important step in gaining the client trust you need to develop and grow your business.

By engaging a third-party auditing firm to conduct an SSAE 16 audit engagement, you will not only satisfy current client demands, but gain a competitive advantage and have the opportunity to win new business. The evolution of the reporting on controls at a service organization has inevitably brought more assurance and opportunity to the marketplace. The SSAE 16 audit report is a great way for organizations to demonstrate that they have the proper internal controls in place to protect client data.

If you have any questions regarding obtaining an SSAE 16 audit report, whether it is the appropriate engagement for your organization, or how to prepare for your SSAE 16 audit , contact us today. Suite Tampa, FL The controls framework and scope are determined by the service organization, not the auditor.

The Type I reports on the controls from a moment in time, essentially, an attestation that the controls exist and that they are adequate and appropriate for the stated control objectives. The Type II report actually requires that those controls be exercised and audited over some control period, typically months. It is really the Type II report that consumers want to see. Another interesting item about a SAS 70 report is that it is not a public document.

A customer gets a copy of that report and is then able to evaluate if this service provider at their own discretion. Be careful. Knowing that a datacenter has gone through a SAS 70 Audit is not sufficient information to entrust your data to the datacenter.

But why not? Well, for two main reasons. First off, the audit report may yield undesired results. A company may claim that its backing up data but the audit may show that the data was not backed up.