SSAE16 SOC2

  • Assessing Risk: Your Deltek or QuickBooks System in The Cloud.

    Whether your organization is considering moving its Deltek or QuickBooks system to The Cloud or it’s already there, it’s vitally important to periodically assess the risks.

  • Cloud Security Essentials

    In this whitepaper from Technology & Business Solutions LLC, TBS Founders Jay Ethridge and Joe Jezior provide a comprehensive overview of the many layers of Cloud Security — Access, Infrastructure, Hosted Products, Data, Compliance, Personnel, Integrations and Technology. Importantly, a Cloud Provider’s infrastructure model defines the breadth and rigor of its security regime. It also determines whether the provider is delivering “The Promise of The Cloud” with secure, mobile, capable and interconnected technologies.

  • Cloudy With A Chance Of Savings: Automation Secrets Your Consultants May Not Want You To Know.

    Increasingly, corporate software is becoming more automated, turn-key and configurable, with powerful enterprise systems like Salesforce.com, Google Docs and Alfresco Document Management capable of installation, business-rule matching and deployment in literally a matter of weeks, even days. These agile, scalable systems leverage The Cloud for delivery and upgrades, and their ability to save significant IT resources and time over traditional “on-premise” software is generally well understood.

  • AICPA Tightens Internal Controls for Cloud SOC2s.

    The AICPA recently announced even tighter internal controls for its new service organization audit program -- SOC2. Because the old SAS70 standard was discontinued in June 2011 as "organizations became increasingly concerned about risks beyond financial reporting, and SAS 70 often was misused as a means to obtain assurance," the AICPA is determined to ensure that the SOC2 audit for Cloud Computing and Software-as-a-Service providers is administered properly and delivers meaningful assurance.

  • SSAE16-SOC2 Basics and Cloud Computing.

    Because its application was misused and ambiguous, the AICPA replaced the old SAS 70 assurance program for service providers with the new SSAE16 standard in 2011. The AICPA further designated an SOC2 (Service Organization Control) audit report for Cloud Providers, instituting important “Trust Services Principles” for Cloud Data.

  • SOC2: Expanding Service Organization Controls Reporting.

    Editor's Note: In this comprehensive piece from The Journal of Accountancy, Chris Halterman explains that the AICPA's SSAE16-SOC2 assurance standard is the right one for Cloud Computing service providers. He writes: "SOC 2 engagements are designed to meet the needs of user entities and other stakeholders by providing service organizations with criteria for describing their systems, criteria for evaluating the suitability of design and operating effectiveness of the service organization’s controls, and an independent CPA’s opinion on the description of the system and the design and operating effectiveness of the service organization’s controls. Examples of service organizations include cloud computing providers, payroll processors, information security service providers and information service providers."

  • SAS70, SSAE16, SOC2 and Data Center Standards.

    Editor's Note: The AICPA's audit program for service providers presents Cloud Computing customers with an alphabet soup of choices. In this informative overview Matt Klein provides real insight into the best assurance standard for Cloud Services and Data Centers -- the AICPA's SSAE16-SOC2. He writes: "SOC 2 provides much more stringent audit requirements with a stronger set of controls specifically designed around data center service organizations. SOC 2 provides what was missing in the SAS 70 – a standard benchmark by which two data center audits can be compared against the same set of criteria. SOC 2 is a welcome standard to our industry. It will raise the bar for some, and allow others to shine under the stringent processes they already have in place."