The SSAE 18 Reporting Standard – SOC 1 – SOC 2 – SOC 3 (Formerly SSAE 16) Support and Guidance for SSAE18, SOC 1, SOC 2, and SOC 3 reporting standards (formerly SSAE 16) 
SOC 1 – Top Resources
SOC 2 – Top Resources
Recent Posts
The SSAE 18 Audit Standard (Updates and Replaces SSAE-16)
SSAE 18 is a series of enhancements aimed to increase the usefulness and quality of SOC reports, now, superseding SSAE 16, and, obviously the relic of audit reports, SAS 70. The changes made to the standard this time around will require companies to take more control and ownership of their own internal controls around the …
SOC 2 Report – Trust Services Criteria and Categories
The System and Organization Controls (SOC) 2 Report will be performed in accordance with AT-C 205 (formerly under AT-101) and based upon the Trust Services Principles, with the ability to test and report on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls (just like SOC 1 / SSAE 18). …
What are considered suitable audit Criteria?
Suitable criteria exhibit all of the following characteristics: Relevance. Criteria are relevant to the subject matter. Objectivity. Criteria are free from bias. Measurability. Criteria permit reasonably consistent measurements, qualitative or quantitative, of subject matter. Completeness. Criteria are complete when subject matter prepared in accordance with them does not omit relevant factors that could reasonably be …
SOC 2 + Additional Subject Matter (SOC2 Plus)
The AICPA recently made efforts to expand the use of SOC 2 in two significant ways – additional reporting Criteria and alignment with other significant and at times, required, IT Security regulations. This expansion increases the utility of a SOC 2 report and overall compliance costs and efforts of Businesses small, medium, and large. The Additional …