Contributor(s): Alex DelVecchio

SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls.

SSAE 16 is the reporting standard for all service auditors’ reports from June 15th, 2011, and beyond. SSAE 16 was preceded by SAS 70, which had been in effect since April 1992. 

A main difference between SSAE 16 and SAS 70 is that SSAE 16 requires the management of the service company to provide a written assertion to the auditor that their description accurately represents their organizational “system.” The organization’s system description consists of the services provided by the organization and any and all operational activities that affect the service's customers. In addition, the organization must also assert that their description honestly describes their control objectives and the time period in which they are meant to be evaluated.

This was last updated in April 2012

Continue Reading About SSAE 16

Dig Deeper on Cloud Computing Frameworks and Standards

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats