SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls.
SSAE 16 is the reporting standard for all service auditors’ reports from June 15th, 2011, and beyond. SSAE 16 was preceded by SAS 70, which had been in effect since April 1992.
A main difference between SSAE 16 and SAS 70 is that SSAE 16 requires the management of the service company to provide a written assertion to the auditor that their description accurately represents their organizational “system.” The organization’s system description consists of the services provided by the organization and any and all operational activities that affect the service's customers. In addition, the organization must also assert that their description honestly describes their control objectives and the time period in which they are meant to be evaluated.