SSAE-16/SOC Advisory & Assessment

Introduced by the American Institute of Certified Public Accountants (AICPA), SSAE 16 is a US regulatory requirement in cases where data is regulated and/or sensitive (such as in Sarbanes-Oxley (SOX) compliance), where it is essential to know that service organizations managing this data have effective and well-documented controls in place.

SSAE 16 has two report types (audit stages):

Type 1: “Report on management’s description of a service organization’s system and the suitability of the design of controls.”

  • The report is as of a point in time
  • Looks at the design of controls, not their operating effectiveness

Type 2: “Report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.”

  • The report covers a period of time, generally not less than six months
  • Includes tests of operating effectiveness
  • Identifies instances of noncompliance with the stated controls

SSAE 16 has three SOC types:

SOC 1 Reports: Reporting on controls relevant to internal control over financial reporting (ICFR).

SOC 2 Reports: Reporting on controls relevant to security, availability, processing integrity, confidentiality, or privacy.

SOC 3 Reports: Reporting on controls relevant to security, availability, processing integrity, confidentiality, or privacy in accordance with general Trust Service Principles.

Trust Service Principles:



Security: The system is protected against unauthorized access (both physical and logical).

Availability: The system is available for operation and use as committed or agreed.

Processing Integrity: System processing is complete, accurate, timely, and authorized.

Confidentiality: Information designated as confidential is protected as committed or agreed.

Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA.

We help organizations with our 6-step approach for successful attestation of SSAE-16.


About azpirantZ

We are an aspiring cybersecurity consulting firm that aims to help its customers focus on their core business by taking care of their security and compliance through high-caliber services and providing them actionable solutions. At Azpirantz, we understand that the threat landscape is fast-paced and ever-adapting. Identifying the hidden vulnerabilities, drafting the right action plan, or choosing the best technologies as per the environment to safeguard data assets and comply with new laws is a challenge for any organization. Thus, we work towards providing our customers with a seamless experience in battling the current cybersecurity threats.

  • 3+ Years in Business
  • 450+ Successful Cases
  • 200+ Satisfied Clients
  • 83+ Pro Consultant

© Azpirantz Technologies LLP - 2020, All Rights Reserved