SSAE 16


SSAE 16 (SAS 70 audit)

SSAE 16 is one of the best-known tools for providing assurance to data center customers. It applies to service organizations, and customers look for organizations that hold this certification when they provide data center services.

Data centers, managed service providers and colocation service providers that host systems for customers' financial reporting need to maintain controls such as information security, environmental security and physical security.

Our Methodology

We carry out the SSAE 16 audit (formerly the SAS 70 audit) to provide assurance over business processes that handle the client's sensitive information, and to show that secure business processes are in place to protect critical information.

Our security audit professionals provide you with the essential corrective actions to mitigate the risks involved in running your information assets securely.

  • Formulating Robust Policies and Procedures

Policies and procedures provide the foundation for enterprise-level security controls. We demonstrate a strong commitment to ensuring a secure environment. The policies define the standard by which an employee can be held accountable for breaches of acceptable behavior.

  • User Access Permissions

We define user access permissions under the IT security program so that only a specific set of users is allowed to access the system. We define user access for the network, database and business applications.

  • Hardened Internal Systems

Most software and application systems are not installed through a secure process. If you install a system without due consideration for security, it will have numerous severe security flaws that can even obstruct your business operations.

We follow a hardening process to make the system more secure. We consider authentication, default system settings, security patches and event logging to make it secure.

Best Practices

Service organizations such as data center business services, Internet network and security services, Software-as-a-Service providers and financial service providers need to comply with the SSAE 16 reporting frameworks.

 

| Applicable | SOC-1 | SOC-2 | SOC-3 |
| --- | --- | --- | --- |
| Standard | SSAE 16: AICPA Guide | AICPA Guide | Technical Practice Aid |
| Controls | Internal control for financial reporting | Security and systems privacy | Security and systems privacy |
| Controls Reference | Undefined | Trust services principles | Trust services principles |
| Usage of Report | User auditor, management of user, management of service organization | Knowledgeable parties | Anyone |

 

What We Do

While conducting security audits, we work closely with the company's auditing process and assure you of a thorough and proper security audit with timely reporting.