
Jan 24, 2012

Out with SAS 70 and in with SSAE 16


Many organizations choose to be audited in order to demonstrate their commitment to providing quality offerings and services. For organizations providing services, the Statement on Auditing Standards (SAS) No. 70 was the most prevalent audit performed, but that has changed.

Out with the Old
As of June 15, 2011, service organizations could no longer be audited using the SAS 70 guidebook, which had been in use for over twenty years. The American Institute of Certified Public Accountants (AICPA) has completed a new framework, the Service Organization Control (SOC) reports, to replace the aging and often misused SAS 70 guidebook.

In with the New
This refresh of guidebooks has created three separate reporting structures: SOC 1, SOC 2, and SOC 3. The SOC 1 report is performed in accordance with Statements on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization, while SOC 2 and SOC 3 use the Trust Service Principles in accordance with the AT Section 101-Attest Engagements standard.

What is SSAE 16?
Statements on Standards for Attestation Engagements 16 essentially performs what the SAS 70 was originally designed to do: communicate the organization’s and auditor’s attestation on assertions made by the organization through a structured report. The SOC 1/SSAE 16 description supersedes the SAS 70, making many improvements upon the original guidebook, including management attestation.

Our Approach
Similar to the SAS 70, the SOC 1/SSAE 16 report may be issued in two formats, Type 1 and Type 2. Type 1 reports are a point-in-time assessment of controls in place to ensure the stated control objectives are adequate. Type 2 reports build upon Type 1 reports by requiring the collection of detailed evidence throughout a period of time, which demonstrates that the control objectives defined are not only implemented but are being practiced throughout the audit period. TEAM has always elected to have the Type 2 audit performed.

The SOC 1/SSAE 16 report now provides further insight into the people, processes, and technologies implemented to effectively achieve the control objectives outlined by management. TEAM’s control objectives include items related to:

  • Administrative Duties—ensuring TEAM maintains a trustworthy workforce;
  • Physical Security—ensuring TEAM facilities are protected by strong policies and practices;
  • Change Management—ensuring effective policies for managing changes to infrastructure are followed;
  • Availability Management—ensuring TEAM’s infrastructure is properly maintained and that the data center environment is protected and conditioned in line with industry best practices;
  • Incident and Event Management—ensuring that tools are in place and TEAM personnel are properly trained to address potential business-impacting events; and
  • Request Management—ensuring that service requests flow through a proper lifecycle.

TEAM’s Success
Providing what we promise is very important to TEAM. This was demonstrated once again in 2011, when TEAM achieved an unqualified, passing SOC 1/SSAE 16 Type 2 report. To receive a copy of TEAM’s unqualified 2011 SSAE 16 Type 2 report, you are encouraged to contact TEAM’s Sales department at sales AT teamnet DOT net.

-Posted by Aaron Kirkpatrick, TEAM





About McGladrey & Pullen, LLP
McGladrey & Pullen, LLP operates under the McGladrey brand as the fifth largest U.S. provider of assurance, tax and consulting services, with nearly 6,500 professionals and associates in more than 70 offices nationwide. McGladrey & Pullen is a licensed CPA firm, and is a member of RSM International, the sixth largest global network of independent accounting, tax and consulting firms.

Industry Reputation and Leadership
McGladrey & Pullen is a member of the Center for Audit Quality and the Private Company Practice Section of the American Institute of Certified Public Accountants. We are also registered with the Public Company Accounting Oversight Board.

About TEAM/TDS Hosting and Managed Services
TEAM operates Tier III data centers in Madison, Wis., Des Moines and Cedar Falls, Iowa. All TEAM facilities are designed according to the highest industry standards, including Tier III, SAS70, and receive a “fail-safe” facility classification. TEAM’s suburban locations in Upper Midwest markets offer safety and security for any organization’s mission-critical IT systems and sensitive data. For the past three years, TEAM has been named one of the fastest growing companies by Inc. Magazine.

TEAM is owned by Fortune 500® Telephone and Data Systems Inc. and managed by subsidiary TDS Telecommunications Corp. in Madison, Wis.
