Friday, July 26, 2019

SSAE 18 Certification and its implementation


The SSAE 18 Audit standard is a series of improvements over SSAE 16 and SAS 70, aimed at increasing the usefulness and quality of SOC reports. The changes made to the SSAE 18 Audit standard ensure that companies take more control and ownership of their own internal controls when identifying and classifying risk and when managing third-party vendor relationships.

Companies currently performing SOC 1 or 2 need to take the following two key changes into consideration:

·         Implementing a formal Third Party Vendor Management Program

·         Implementing a formal Annual Risk Assessment process




SSAE 18 certification is important because many customers are looking for places with a good reputation. The SSAE 18 Certification gives the company extra credibility for the way it conducts business. Today, businesses are requiring SSAE 18 because many vendors need to attain SOC reports for SSAE 18. These companies include government entities, nonprofit organizations, financial service companies, IT, transportation, healthcare providers, construction, manufacturing, insurance agencies, and even real estate.

A company can get a SOC certification by having an independent certified public accountant come in and determine that the company is conducting its business to their specifications and is qualified for certification. The following is an SSAE 18 checklist of what companies have to do to ensure compliance:

·         Reviewing reports, including financial and external communication

·         Gaining certification by improving compliance through constant communication with the third-party vendors

·         Regularly visiting the third-party vendors to make sure everything is operating smoothly

·         Performing an internal control audit of the third-party vendors

·         Thoroughly analyzing the SOC reviews

·         Overseeing complaints and other external communication from its third party vendors

SSAE 18 certified data centers are of repute. There are a few things that have to be done for SSAE 18 certification. There are many principles that all data centers, colocation, and hosting facilities have to follow while getting certified. The most important thing for a data center to take note of is security. The data center needs to take security into account and has to sustain physical security controls, which include security guards, biometric scanning, and video cameras.

Thursday, July 25, 2019

Management and Regulations of SSAE 18 Audit in India

A new auditing standard named SSAE 18 has been implemented, replacing previously used standards such as SSAE 16 and SAS 70. Of course, integrating the new system into their routine work environment can be a major challenge for companies.

SSAE stands for Statement on Standards for Attestation Engagements, developed by the American Institute of Certified Public Accountants (AICPA) and the Auditing Standards Board (ASB). According to AICPA, Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization, containing valuable information that users need to assess and address the risks associated with an outsourced service.



The above clarifies that SSAE is used to regulate how companies conduct their respective businesses and specifies how companies report on compliance controls. These reports are SOC 1, SOC 2, and SOC 3.

Qadit, a reliable provider of IT security solutions, provides SSAE 18 Audit in India, which involves one of the most effective ways for service organizations to communicate information about their controls to user entities: the Service Auditor’s Report. There are two types of Service Auditor’s Reports:

1.      Type 1 and Type 2: SOC 1: These reports are furnished by the service organizations and relate to the activities and procedures undertaken that have the potential to directly impact a client’s financials.

2.      SOC 2: This report evaluates the business information system relating to security, availability, processing integrity, confidentiality, and privacy.

3.      SOC 3: These reports can be used for public distribution, for example display on a website.

The SSAE 18 certification audit report in India gives customers assurance that the service organization has implemented a formal Third Party Vendor Management Program and Annual Risk Assessment process. The SSAE 18 update’s main purpose is to clarify certain old standards and to streamline and simplify the review process. This update demands that companies take more control and responsibility over the people they work with, particularly third-party vendors. The changes do not seem to be so difficult to deal with, and they are for better control.

Wednesday, July 24, 2019

SSAE 18 Audit, Its Regulations and Compliances

When organizations compare virtual server hosting companies, they have to quickly assess service quality and reliability. The Statement on Standards for Attestation Engagements (SSAE) is one of the most accurate auditing standards for hosting companies. SSAE has been designed to provide customers with a level of assurance of corporate controls. SSAE type audits confirm the highest service level attainable for a virtual server hosting company. SSAE is an internationally recognized standard developed by the American Institute of Certified Public Accountants (AICPA).



What is SSAE 18?

The full form of "SSAE" is Statement on Standards for Attestation Engagements. It has been developed by the American Institute of Certified Public Accountants (AICPA). SAS 70 and SSAE 16 have been replaced by SSAE 18.

What is SSAE 16?

SSAE 16 is an auditing standard for service organizations, replacing the auditing standard SAS 70. SSAE 16 compliance confirms that an attestation engagement to report on controls at a host has been performed by a service auditor, resulting in the generation of an SSAE 16 Type 1 or SSAE 16 Type 2 report. An SSAE 16 compliant web host offers the following features:
·         SSL capability
·         Application level protection
·         Hardware firewall
·         IP-restricted FTP
·         Managed backups with 14-day retention
·         Advanced monitoring
·         Multi-level intrusion prevention (IPS/IDS)

What’s new in SSAE 18 Audit?

SSAE 18 Audit is a series of improvements aimed at increasing the usefulness and quality of SOC reports, replacing SSAE 16 and SAS 70. The changes made to the standard this time ensure that companies take more control and ownership of their own internal controls when identifying and classifying risk and when managing third-party vendor relationships.

There are a couple of key changes that companies currently performing a SOC 1 or 2, or planning to perform one in the near future, need to take into consideration:
·         Service organizations have to implement a formal Third Party Vendor Management Program
·         Service organizations have to implement a formal Annual Risk Assessment process

In the above scenario, Qadit, a reliable provider of IT security solutions, is engaged in providing world-class end-to-end information security solutions to clients. The company’s proven methodologies, in-house knowledge base and customized approach of partnering with clients have gone a long way in understanding and mitigating their information security risks.