What is SOC/SSAE 18?
SSAE 18 is a standard from the AICPA (American Institute of Certified Public Accountants), and SOC stands for System and Organization Controls. SOC for Service Organizations reports are internal control reports on the services provided by a service organization; they provide valuable information that users need to assess and address the risks associated with an outsourced service. If you are a service organization and hold data belonging to others, you may need to comply and demonstrate that you have the necessary controls, policies and procedures, and the required evidence, to ensure customer data privacy.
- SOC 1 reports deal with internal controls for financial reporting.
- SOC 2 and 3 reports deal with Trust Services Criteria relevant to security, availability, processing integrity, confidentiality, or privacy.
The AICPA has also developed a cybersecurity risk management framework that helps organizations communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.
Our services for SOC/SSAE 18
We can assist with SOC assessments performed under SSAE 18. We can also assist with the SOC for Cybersecurity framework. Our services for SOC/SSAE 18 readiness include:
- Review and scoping of systems and processes, including infrastructure and applications.
- Data Privacy Review.
- Findings report, including feedback and recommendations for improvements.
- Creation of policies and procedures.