SSAE 16 SOC Compliance Audits Matter
Always Ask to See SOC 1, 2, 3 Compliance Reports
SSAE 16 SOC compliance is a huge differentiator, and it certainly sets AIS apart from any other provider in the Southwest.
Good news: for each of our data centers, AIS has successfully completed these important audits:
- SOC 1 Type II (SSAE 16 and ISAE 3402)
- SOC 2 Type II
- SOC 3 Type II
Background: The American Institute of Certified Public Accountants (AICPA) created the Service Organization Controls (SOC) Report framework and replaced SAS 70 with SSAE 16.
An organization can receive either a Type I or a Type II report. Type I merely reports on the suitability of the controls at a point in time, while a Type II report tests the effectiveness of the controls over a period of time, usually six months to one year. AIS does Type II audits.
Under the SSAE 16 SOC framework, service organizations that handle customer financial data now receive a SOC 1 report.
AIS has successfully completed the SOC 1, SOC 2 and SOC 3 reports.
The AIS SOC 1 report focuses on the security and availability principles and is available to customers and prospective customers upon request with the execution of a Non-Disclosure Agreement (NDA).
A SOC 2 report focuses on controls, called Trust Services Principles, related to Security, Availability, Confidentiality, Processing Integrity, and Privacy – validating that the system is protected against unauthorized physical and logical access, for example.
The AIS SOC 2 report focuses on the security and availability principles and is available to customers and prospective customers upon request with the execution of a Non-Disclosure Agreement (NDA).
Please contact your sales representative if you would like a copy of the full AIS SSAE 16 SOC 2 report.
The SOC 3 report is a summary Trust Services Report that documents assurances on AIS’ controls related to the Security and Availability principles but without the detailed description of the tests and results contained in the SOC 2 report.
AIS offers an extensive portfolio of services that will assist your team in locking down network infrastructure and ensuring true compliance with the requirements of:
- Federal Information Security Management Act (FISMA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH)
- Payment Card Industry (PCI) Data Security Standards (DSS)
- Sarbanes-Oxley (SOX)
- And more…
AIS has extensive experience in regulated markets and will gladly work with you to map out a solution that fits your company’s specific needs.
AIS’ most recent SOC 1, 2, 3 Type II audit compliance reporting time period was from November 1, 2011 to April 30, 2012, and the next round of annual audits is nearly complete. Contact us if you would like to receive a bridge / gap letter.
SOC Type II compliance audit reports help customers have trust and confidence in the control procedures that AIS has in place. The process involves having an independent Certified Public Accountant perform a stringent verification and validation of our control activities and processes.
Contact AIS to learn more about why SOC 1, 2, and 3 Compliance Reports matter.