Services
Practice Leadership
Search for Reznick Group practice leaders.Practice Overview Brochure
SAS 70 Audit Services Brochure
Learn about our SAS 70 and SSAE No. 16 audits and other services that help third-party service providers maintain security.
 |
SAS 70 Replaced by SSAE No. 16: Understanding the New Standard The new standard, Statement on Standards for Attestation Engagements No. 16 (SSAE 16) was introduced in April 2010. |
 |
Reporting on Controls at a Service Organization SSAE 16 (formerly SAS 70): FAQs Need more information? Find answers to frequently asked questions here. |
SSAE 16/SOC 1 (formerly SAS 70) Service Organization Examinations
In today's fast-paced and complex business arena, a due diligence process is needed to assure companies of the safety and integrity of their data while in the hands of a third part service organization. SSAE 16 (formerly SAS 70) examinations provide this assurance by examining, documenting, and testing (as needed), an array of internal controls within third-party service organizations. As of June 15, 2011, SAS 70 was replaced by a new standard, SSAE 16, which is also known as a SOC 1 (Service Organization Control report). See "Insights" on the right side of the page for more information.
If your company provides outsourced services and is required to complete a Type 1 or Type 2 service organization examination, Reznick Group can help meet this need. Our service organization examinations are performed by Certified Information Systems Auditors (CISA) with years of relevant IT and audit experience. We can assist large companies that are familiar with the audit process as well as smaller companies that may have no prior audit experience.
While each service organization examination is different in terms of scope and pricing, one thing remains the same – Reznick Group's commitment to quality and client satisfaction.
The engagement process is typically as follows:
Pre-Assessment
If desired our engagement team will issue a custom report of established and recommended SSAE 16/SOC 1 controls for your consideration.
Identification of Control Objectives
Our engagement team members work with you to identify business process and IT control objectives to be examined.
Service Organization Examination Execution
We work with you to craft your description of your system and ensure that relevant identified controls are tested.
Finalization and Delivery
Issues are identified and communicated to you. Our engagement team then makes specific recommendations for improvement and delivers a final SSAE 16/SOC 1 report.
Related Services
- Third party assessments
- BITS shared assessments
- ISAE 3402 examinations
- Technology assurance
- Report on controls relevant to security, availability, integrity, confidentiality or privacy (SOC 2)
- Trust Services report for service organizations (SOC 3)