Welcome to the SSAE 16 WikiEdit
This wikia is to be used as an SSAE 16 / SAS 70 information tool!
SSAE 16 is the new standard for the SAS 70 engagement that you are used to performing. There is no need for concern however because they are pretty similar. The most relevant change is that management will now be required to put together an assessment of their controls, which the auditor then attests to. This places additional onus on to the service provider to ensure that their organization is actively keeping up with their internal controls.
The following are the components of the write up management is now required to put together:
- The fairness of the presentation of the description of the service organization's system;
- The suitability of the design of the controls to achieve the related control objectives stated in the description; and
- The operating effectiveness of those controls to achieve the related control objectives stated in the description (Type II Only)
As of June 15, 2011 SSAE 16, now formally referred to as SOC 1, is effective and all service organization auditor reports must be in issued in accordance or they will not be accepted by auditors. If interested in more information refer to the SSAE 16 Audit Process.
For more information check out the new SSAE 16 blog - http://www.ssae-16.com