SSAE 18 Audit is a series of improvements compared to SSAE 16 and SAS 70, aiming at increasing the usefulness and quality of SOC reports. The changes made to the SSAE 18 Audit standard ensure that companies take more control and ownership of their own internal controls when identifying and classifying risk and when managing third-party vendor relationships appropriately.
Companies currently performing SOC 1 or 2 need to take the following two key changes into consideration:
· Implementing a formal Third Party Vendor Management Program
· Implementing a formal Annual Risk Assessment process
SSAE 18 certification is important because many customers are looking for places with a good reputation. The SSAE 18 Certification gives the company extra credibility for the way it conducts business. Today, businesses are requiring SSAE 18 because many vendors need to attain SOC reports for SSAE 18. These companies include government entities, nonprofit organizations, financial service companies, IT, transportation, healthcare providers, construction, manufacturing and insurance agencies, and even real estate.
A company can get a SOC certification by having an independent certified public accountant come in and determine that the company is conducting its business to their specifications and is qualified for certification. The following is an SSAE 18 checklist of what companies have to do to ensure compliance:
· Review reports, including financial and external communication
· Gain certification by improving compliance through constant communication with the third-party vendors
· Regularly visit the third-party vendors to make sure everything is operating smoothly
· Perform an internal control audit for the third-party vendors
· Thoroughly analyze the SOC reviews
· Oversee complaints and other external communication from the third-party vendors
SSAE 18 certified data centers are of repute. There are a few things which are to be done for SSAE 18 certification. There are many principles that all data centers, colocation, and hosting facilities have to follow while getting certified. The most important thing for a data center to take note of is security. The data center needs to take security into account and has to sustain physical security controls, which include security guards, biometric scanning, and video cameras.
