An SSAE 18 compliant status conferred on a service organisation is a testimony that the service provider has adequate controls and safeguards in place to host and process the data of its clients.
What is SSAE 18?
SSAE (Statement on Standards for Attestation Engagements) 18 is an internationally-recognised service organisation reporting standard issued by the American Institute of Certified Public Accountants (AICPA). The purpose is to align with the International Standard on Assurance Engagements (ISAE) 3402 — a global standard for service organisation controls reporting — issued by the International Auditing and Assurance Board.
Prior to this, businesses that need independent assurance on the controls and processes at third-party service organisations had relied on the Statement on Auditing Standards (SAS) No 70, also issued by the AICPA, since 1993. For example, to ensure that controls are effective at their outsourced service providers, US-listed companies that are required to comply with SOX 2002 Section 404 rely on SAS 70 compliance as the benchmark.
Effective 1 May 2017, SSAE 18 replaces SSAE 16.
How is the service organisation tested?
An independent licensed accounting firm will evaluate and test the control policies and procedures of a service organisation. Where it has been audited to have met the global standard (SSAE 18), the service organisation will be issued with what is termed as the AICPA Service Organisation Control (SOC) Report, which will then be relied upon by financial auditors of an organisation that outsources work to this service organisation.
AccountServe has attained the AICPA SOC 1 (Type 2) Report, which essentially reports on the effectiveness of controls that are likely to be relevant to an audit of an organisation's financial statements.
Benefits
A company that engages an SSAE 18 compliant organisation like us enjoys:
- Internationally recognised assurance of the service organisation’s ability to protect its data security, integrity and confidentiality
- Convenience where the company needs to comply with the Sarbanes-Oxley Act (SOX) 2002 Section 404 to ensure that its outsourced partners have effective controls over financial reporting
- Cost savings, as the company auditors can now rely on the AICPA SOC reports and no additional audit fee needs to be incurred to audit their outsourced service organisation
Why Choose AccountServe?
Few companies in the same industry in Singapore have gone through the SSAE 18 audit. We passed the audit when SSAE was introduced in June 2011, and prior to that, we attained the SAS 70 status since 2008.
The fact that controls and operations at AccountServe have been assessed, tested and passed by an independent accounting firm on a yearly basis indicates that AccountServe has met international risk control standards and that sufficient safeguards are in place to protect clients’ data and confidentiality. This is a mark of service quality and commitment that provides you with greater assurance.
For more information, please click here.