Audit terminology: SAS 70, SSAE 16, SSAE 18, SOC1, SOC2, Type 1, Type 2

If you are involved in information technology and compliance in a heavily regulated industry,  or work with larger organizations, you have probably run across the terms SAS 70, SSAE 16, SSAE 18, SOC 1 report, SOC 2 report, Type 1 Report, and Type 2 Report. These terms are frequently abused and misunderstood, even by compliance “experts,” so I’ve written this brief one-page summary. Everything I state below has a direct reference on the AICPA site; I have learned not to trust third-party sources in regards to compliance. Continue reading Audit terminology: SAS 70, SSAE 16, SSAE 18, SOC1, SOC2, Type 1, Type 2

Advertisements