RESULTS Technology has successfully completed the SSAE 16 SOC 2 compliance 2015. SSAE 16 (Statement on Standards for Attestation Engagements No. 16) is the gold standard for the validation of a service organization’s operations and procedures. RESULTS is audited annually in nine specific areas including all aspects of data and physical security, data backup, network monitoring, change management and systems maintenance.
Successfully completing the SSAE 16 audit demonstrates that we are committed to best practices and continually ensure our process management meets the highest industry standards. Our ability to successfully pass this rigorous, in-depth audit verifies RESULTS has the proper controls and processes in place to deliver the high-quality services our customers expect.
The completion of the audit is of particular importance to RESULTS’ financial services customers for which SSAE 16 compliance is often a requirement. The audit was completed, Mayer Hoffman McCann P.C., a top ten national accounting firm.
RESULTS engages CBIZ (Mayer Hoffman McCann) to audit our operations as part of an SSAE 16 SOC 2 Type 1 review. This audit standard provides our customers assurances that RESULTS follows the controls and procedures we have in place. This transparency assures our customers and their auditors that RESULTS provides confidential, secure and quality managed services.
What Does This Mean?
SOC refers to Service Organization Controls. These are comprised of a series of standards designed to help measure how well a given service organization controls its information. SOC 2 concerns the internal controls in place at the service organization. For a company to receive SOC 2 certification, it must have sufficient policies and strategies that satisfactorily protect the client’s data.
SOC 2 is designed for more advanced IT service providers. These can include IT managed service providers, cloud computing vendors, data centers, Software-as-a-Service companies and more.
The SOC 2 framework includes five key sections, forming a set of criteria called the Trust Services Principles. These include:
- The security of the service provider’s system.
- The processing integrity of this system.
- The availability of this system.
- The privacy of personal information that the service provider collects, retains, uses, discloses and disposes of for user entities.
- The confidentiality of the information that the service provider’s system processes or maintains for user entities.
If you are under compliance regulations, you may be required to work only with vendors who have successfully completed this audit. Even if you are not under any compliance regulations, you should still consider requiring this audit from any vendor who has access to your company’s data.