SSAE - 16

SSAE is an acronym for The Statement on Standards for Attestation Engagements No. 16, which is a set of defined auditing standards and guidance published under the wing of the Auditing Standards Board (ASB) that, is a part of the American Institute of Certified Public Accountants (AICPA).

SOC Auditors use the SSAE 16 as a guiding document when creating two specific audit reports. These are as follows: 

  1. The first is a report developed to reflect the status of a service organization’s security controls and their operating effectiveness on a particular day and date. 
  2. The second report includes historical data that reflects how controls have changed over time in an organization’s model. 

SSAE 16 are auditing standards that auditors use to monitor the security controls of all types of organizations such as data centers, ISPs (internet service providers), and/or other groups that include such information security controls. These auditing standards are critical to help both the organization and the auditors establish and maintain information security compliance with different regulations, like Sarbanes-Oxley.‍

Most customers also use the SSAE 16 standard to pursue a SOC 1 report compliance.

See Scrut in action!