Archives for June, 2010

ISAE 3402 framework for SSAE 16

Monday, June 21st, 2010

SSAE 16 contains 9 deviations from the ISAE 3402 framework, at a high level include:

    1. Intentional Acts by Service Organization Personnel
    2. Anomalies
    3. Direct Assistance
    4. Subsequent Events
    5. Statement Restricting Use of the Service Auditor’s Report
    6. Documentation Completion
    7. Engagement Acceptance and Continuance
    8. Disclaimer of Opinion
    9. Elements of the SSAE Report That are Not Required in the ISAE 3402 Report

Tags: ,
Posted in Uncategorized | No Comments »

SSAE 16 Guidance

Monday, June 21st, 2010

A high level explanation per the SSAE 16 Guidance:

(1) access to all information, such as records and documentation, including service
level agreements, of which management is aware that is relevant to the
description of the service organization’s system and the assertion;
(2) additional information that the service auditor may request from management for
the purpose of the examination engagement;
(3) unrestricted access to personnel within the service organization from whom the
service auditor determines it is necessary to obtain evidence relevant to the
service auditor’s engagement; and
(4) written representations at the conclusion of the engagement

Basically, you must give up anything needed by the service auditor that will permit them to attest to “Management’s description of the service organization’s system”, the main change associated with SSAE 16.

Tags:
Posted in Uncategorized | No Comments »