IT Controls & Compliance 2012 - SSAE 16 (formally known as SAS70), SOC1 to SOC 3 Reporting Demystified

In this 90-minute training you will learn more about SSAE 16 (formally known as SAS 70), SOC 1, SOC 2 and SOC 3 reporting, how to choose the right report for your organization and how to get ready for the attestation.

Companies are familiar with SAS70 reports, which were prepared following the AICPAs Statement of Auditing Standards No 70. The main focus was to provide assurance over service organizations’ controls over financial reporting. However, the landscape of compliance sometimes requires additional requirements such as security, availability, processing integrity, confidentiality and privacy which did not directly correlate to controls over financial reporting. Hence, the AICPA recently released a new series of reporting options called Service Organizations Control Reports (SOCs) which enable CPA firms to provide assurance on internal controls on subject matter outside of financial reporting. These reports are called SOC1, SOC2 and SOC3 reports.