SOC 1 reports, which have effectively replaced SAS 70 reports, will be prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SOC 1 reports retain the original purpose of SAS 70 by providing a means of reporting on the system of internal control for purposes of complying with internal control over financial reporting. SOC 1 reports are restricted use reports, which mean use of the reports is restricted to:
For reports that are not specifically focused internal controls over financial reporting, the AICPA has issued an Interpretation under AT Section 101 permitting service auditors to issue reports. These reports will now be considered SOC 2 audits and focus on controls at a service organization relevant to security, availability, processing integrity confidentiality, or privacy.
Many first time clients first choose to perform a Readiness Assessment prior to undergoing the SSAE 16 Type I or Type II audit. For more information regarding our Readiness Assessment services, please click here.
SSAE 16 Professionals has assembled top tier leadership to help our clients through the SSAE 16 SOC 1 process. For further information regarding SSAE 16 reports or to request a fee proposal from SSAE 16 Professionals, please visit our Contact Us page to submit an informational form or call 1-866-480-9485 today. We look forward to hearing from you!