Statement on Standards for Attestation Engagement (SSAE) 18 is an American auditing standard issued by the American Institute of Certified Public Accountants (AIPCA). SSAE 18 became effective on 1st May 2017, replacing SSAE 16 and its predecessor SAS 70.
The Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) that addresses engagements undertaken by a service auditor for reporting on controls at service organizations that provide services to user entities, for which a service organization’s controls are likely to be relevant to a user entities internal control over financial reporting. A service organization is any entity providing services (for example, server hosting and colocation providers, software as a service company, payroll processors, etc.) to another organization. The SSAE 18 standard is used to produce System and Organization Controls (SOC) reports.
There are three types of attestation reports:
– SOC 1
– SOC 2
– SOC 3