- Cyber Security Services
- Compliance Services
- IT Risk and Audit Services
- Contact Us
Fact: More and more organizations are outsourcing business functions to third party providers so they can concentrate on their core business functions, reduce headcount, and ultimately save money. A great example of this is what is called Business Process Outsourcing (BPO) where companies outsource specific business functions to that third party provider. Some common examples of these processes include:
With this increase in outsourcing specific business functions combined with increased regulatory oversight, more and more organizations are being required to conduct assessments and provide verification of their internal controls. This process and subsequent report is known as an SSAE 16. Inside of this SSAE 16 "shell" are three different SOC (Service Organization Controls) reports that are issued by a CPA firm under guidance from the AICPA. At a very high level, there are three different types of SOC Reports:
While there are other types of reports in each of these SOC reports (we will cover that next week so stay tuned), how do you know which one you need, when you need it, and who is authorized to view it? With the assistance of our partner, Mike Mellor from DiSanto, Priest, & Co., we have included quick breakdown of the differences between these SOC Reports as so you can differentiate between them.
Next week we are going to look specifically at the SOC 2 report as there are two different types of SOC 2 reports. In the meantime, if you are considering starting the SSAE 16 SOC 2 process, I would encourage you to download our SSAE 16 Readiness Assessment brochure. This will outline the steps in the process and how Compass can assist your organization in working through the process. Till next week........