Understanding SOC Reporting & SSAE 16

Understanding SOC Reporting & SSAE 16

Posted on


More and more banks rely on vendors to run some of the most critical functions of the bank such as core processing, online banking, or disaster recovery functions. The vendors, in turn, ensure they are up to regulatory scrutiny by having an outsourced party do an independent review (or audit) of their controls. The SSAE 16 standards (formerly SAS 70) are confusing to many people and they are not always protecting the bank from the reputation issues that could be caused in the event of an attack. So....what's the solution?

Now that AICPA has retired SAS70, new standards have been introduced to ensure the security and confidentiality of someone's information. But is it called SSAE 16? Or SOC reporting? Type 1 or Type 2? ARGH!

This webinar helps clear the mud with some basic information addressing questions like:

  • Do all critical vendors need an SSAE 16?
  • What's the right thing to ask for from a vendor?
  • I'm a vendor! Which one do I need to do? SOC 1, SOC 2, SOC 3 report?

Check it out and let us know if you need any help.