Wednesday, July 24, 2019

SSAE 18 Audit, Its Regulations and Compliances

When organizations compare virtual server hosting companies, they have to quickly assess service quality and reliability. The Statement on Standards for Attestation Engagements (SSAE) is one of the most accurate auditing standards for hosting companies. SSAE has been designed to provide customers with a level of assurance about corporate controls. SSAE type audits confirm the highest service level attainable for a virtual server hosting company. SSAE is an internationally recognized standard developed by the American Institute of Certified Public Accountants (AICPA).



What is SSAE 18?

"SSAE" stands for Statement on Standards for Attestation Engagements. It was developed by the American Institute of Certified Public Accountants (AICPA). SAS 70 and SSAE 16 have been replaced by SSAE 18.

What is SSAE 16?

SSAE 16 is an auditing standard for service organizations, replacing the auditing standard SAS 70. SSAE 16 compliance confirms that an attestation engagement to report on controls at a host has been performed by a service auditor, resulting in the generation of an SSAE 16 Type 1 or SSAE 16 Type 2 report. An SSAE 16 compliant web host offers the following features:
· SSL capability
· Application level protection
· Hardware firewall
· IP-restricted FTP
· Managed backups with 14-day retention
· Advanced monitoring
· Multi-level intrusion prevention (IPS/IDS)

What’s new in SSAE 18 Audit?

The SSAE 18 audit standard is a series of improvements aimed at increasing the usefulness and quality of SOC reports, replacing SSAE 16 and SAS 70. The changes made to the standard this time will ensure that companies take more control and ownership of their own internal controls, particularly in the identification and classification of risk and in appropriate third-party vendor relationship management.

There are a couple of key changes for companies that are currently performing a SOC 1 or 2 or will be performing one in the near future. They need to take the following points into consideration:
· Service organizations have to implement a formal Third Party Vendor Management Program
· Service organizations have to implement a formal Annual Risk Assessment process

In the above scenario, Qadit, being a reliable provider of IT security solutions, is engaged in providing world-class end-to-end information security solutions to clients. The company's proven methodologies, in-house knowledge base and customized approach of partnering with clients have gone a long way in understanding and mitigating their information security risks.
