The AICPA recently issued new guidance, clarifying and expanding the use of the SSAE-16 Report and how it can be leveraged to show adherence with any set of agreed-upon procedures. The SSAE-18 requirements are now effective as of May 1, 2017 and bring new changes you can learn about here on our SSAE 18 Report overview page.

SOC 2 – Top Resources

Recent Posts

The SSAE 18 Audit Standard (Updates and Replaces SSAE-16)

SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70. The changes made to the standard this time around will require companies to take more control and ownership of their own internal controls around the …

0 comments

SOC 2 Report – Trust Services Criteria and Categories

The System and Organization Controls (SOC) 2 Report will be performed in accordance with AT-C 205 (formerly under AT-101) and based upon the Trust Services Principles, with the ability to test and report on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls (just like SOC 1 / SSAE 18). …

1 comment

How many updates to SOC 1 have their been?

SOC 1 stemmed from the original SAS 70 report, which, once SSAE 16 was issued in April 2010, the formal report name was changed to being a SOC 1 report (but issued under the SSAE 16 guidance) and effective as of June 2011. SSAE 18 was then issued May 2017 and will be effective as …

SOC 2 + Additional Subject Matter (SOC2 Plus)

The AICPA recently made efforts to expand the use of SOC 2 in two significant ways – additional reporting Criteria and alignment with other significant and at times, required, IT Security regulations. This expansion increases the utility of a SOC 2 report and overall compliance costs and efforts of Businesses small, medium, and large. The Additional …

Comments are closed.