SSAE 16 & Reporting Options for Service Organizations

888-605-9848
www.assureprofessionals.com

** Offered through our affiliate Point Solutions

Why are you being asked for an SSAE 16?

888-605-9848
www.assureprofessionals.com
About Us
Assure Professionals is an innovative provider of
affordable audits to service organizations across a
variety of industries. Developed from over 15 years of
private and public accounting experience as well as
over 25 years of IT experience, Assure strives to
provide high quality services to our customers.
We specialize in providing audit services (SSAE 16,
SOC 1, SOC 2, and SOC 3) to service organizations.
Our processes are designed to be non-disruptive and
hassle-free. Throughout the process we will work with
your company to understand your business needs.

When a company chooses to outsource a service, they

want assurances that controls are in place to ensure
the services are provided timely, accurately, and
securely each time the service is utilized.
They may be interested in any of the following:

Organization and HR Is oversight from

management or supervisors provided and are
employees qualified for their positions?

Physical and Environmental Are your facilities

secured and do you maintain an appropriate
environment for the equipment or data (i.e.
HVAC and/or fire suppression systems)?

Logical Access Are security settings in place

to prevent unauthorized access to client systems
or information?

Processing Integrity Are quality control

procedures in place to verify that information
processed was completed correctly?

Disaster Recovery If a disaster occurred,

would you be able to retrieve information from
data backups and continue operations?

Audit Reports Offered

Statement on Standards for Attestation Engagements
(SSAE)*

SSAE 16 Type 1 (SOC 1)

SSAE 16 Type 2 (SOC 1)

Trust Services Principles (TSP)

SOC 2 Type 1
SOC 2 Type 2
SOC 3

SOC 2 and 3 Principles

(You may choose any or all principles to include)

Security The system is protected against

unauthorized access (both logical and physical)

Availability The system is available for

operation and use as committed or agreed upon.

Processing Integrity System processing is

complete, accurate, timely, and authorized.

Confidentiality Information designated as

confidential is protected as committed or agreed
upon

Privacy Personal information is collected,

International Standard on Assurance Engagements

ISAE 3402

Payment Card Industry

PCI**
* Effective June 15, 2011, SAS 70 was replaced by
SSAE No. 16

used, retained, disclosed, and/or destroyed in

accordance with established standards.

Contents of the SSAE 16 Service Auditors Report

Type 1

Type 2

Type 2

SOC 3
Single Format

Service Auditors Letter

Description of Controls

Control Environment

Risk Assessment

Information and Communication

Monitoring

Control Activities

Test of Controls over the Audit Period

User Organization Auditors Reliance on Report

Contents of the Trust Service Principles Service

Auditors Report (SOC 2 and SOC 3)
Service Auditors Letter
Description of the System (as they relate to the TSP)

Infrastructure

Software

People

Procedures

Data

Privacy Practices (if Privacy Principle is selected)

Test of controls over the Audit Period

User Organization Auditors Reliance on Report

SOC 2
Type 1

The Audit Process

The process takes approximately 4-6 weeks from start to completion, depending on your teams availability. We
are cognizant that our clients have a fulltime position without catering to auditors. For that reason, we are
flexible to your needs and work around your schedule to provide a quality audit and report in the time frame
you desire.

Pre Assessment This is provided at NO ADDITIONAL cost to our audit services. We take the time to
listen to your operations and understand your business in order to assess the controls you have in place.

Audit Evidence and Collection Period Communication is the foundation of our process. Based on our
initial assessment, we will provide you with a detailed list of items requested and are never more than a
phone call away to provide assistance.

Onsite procedures If an onsite visit is necessary, we conduct final scoping, make inquiries of
management and staff, and review the operations with management. Testing of controls that require
observation or are confidential in nature are completed at this time. Our auditors are aware that an audit can
cause business disruptions and are trained to prepare in advance to minimize disruptions.

Reporting As a service to our clients, we will write the draft audit report. The reports undergo an
extensive quality assurance review before being sent to you for final edits and acceptance.

For additional information visit us online at

www.assureprofessionals.com
or call us
888-605-9848