SSAE16/SSAE18/SOC 1 Analysis and Reviews –The Service Organization Controls (SOC) reporting framework and Statement on Standards for Attestation Engagements, which was previously called SSAE16, is now SSAE18. K2 IT Audit LLC has deep industry knowledge and extensive experience in performing SOC 1 (SSAE 18) Type 1 and Type 2 assessments, as well as reviewing these assessments and the corresponding Complimentary User Entity Controls (CUEC’s) associated with applicable user entities.

SOC related Service Offerings:

SOC 1 Type 1 Assessment: During this assessment, K2 IT Audit professionals will perform an evaluation to determine the number of user entities that accept services by the “external service organization” as well as the types of services offered to these user entities. We then perform various inquiries with management to determine what controls the management of the service organization is asserting to and which controls are being pushed down to the user entities. K2 IT Audit LLC then performs a detailed assessment based on FISCAM methodology to determine the design and operating effectiveness of those controls.

SOC 1 Type 1 Analysis for User Entities and Evaluation of CUEC’s:During an analysis of a SOC 1 Type 1 assessment for a user entity, K2 IT Audit professionals first begin by analyzing the SOC report. We review all the deviations identified in the SOC report and perform various inquiries with management of user entities to understand if these deviations/exceptions affect the user entity in question. We then inquire with the user entity to understand how they monitor the Complimentary User Entity Controls (CUEC’s) and develop a customized test plan based on the FISCAM methodology. We then perform a detailed Test of Design (TOD) and Test of Operating Effectiveness (TOE) analysis of these controls for which the user entity is responsible for and document our results.

Our experience in providing SOC testing and analysis extends to a wide range of industries and service organization types including Cloud Computing providers (SaaS, PaaS, and IaaS) and Managed Hosting and data centers.

Please contact us for more information about our SSAE18/SOC 1 services.