Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Targeted Security Assessments
Targeted Security Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

Recodifying SOC reports: What SSAE No. 18 means for SOC 1s

News | SSAE 16 / ISAE 3402 | SOC 1

SSAE 18 WhitepaperOriginally published in Accounting Today

Simply put, SSAE No 18 is the standard which recodifies all the previous attestation standards. It is the culmination of the efforts to clarify the various standards for performing attestation engagements, which includes among many others, SOC 1 (commonly referred to as SSAE No. 16) and SOC 2 and SOC 3 (AT Section 101), into a single set of standards for the auditors.

The practitioners performing the attestation engagements for SOC reports will not notice very many material changes in the standards; however, there are a few key areas of emphasis worth noting for SOC 1 reports:

  • Modification to assertion criteria
  • Evaluating the reliability of evidence provided by the service organization
  • Monitoring of sub service organizations
  • Obtaining an understanding of the service organization’s system and assessing the risk of material misstatement

Download our complete guide to the SSAE No 18 standard:

New Call-to-action

About RYAN BUCKNER

Ryan Buckner is a Principal and Chief Knowledge Officer at Schellman. Ryan currently serves on Schellman’s attestation leadership team and leads the firm-wide research and development for attestation methodology. Ryan is a CIPP, CISSP, CISA, ISO 27001 Lead auditor, and maintains multiple CPA licenses, among other certifications. Ryan is also an AICPA-approved and nationally listed Peer Review Specialist for SOC examinations. Having directly performed and completed over 1,000 service audits, Ryan is one of the most experienced service auditors in the world.