Statement on Standards for Attestation Engagements (SSAE),is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service auditor's examination performed in accordance with SSAE 16 Type II (SOC1) is widely recognized, because it represents that a service organization has been through a rigorous audit of their control objectives, safeguards and control activities, which often include controls over information technology and related processes.
The SSAE 16 Type II (SOC1) report not only includes Checkwriters description of controls, but also a detailed testing of the controls over a defined period of time. The auditors perform tests of the controls supporting the control objectives to determine whether the controls were operating with sufficient effectiveness to provide reasonable assurance that the control objectives were achieved during the testing period, for example, from January 1 to December 31.
Such a review is important for service organizations that provide services that are critical to its customers' operations-the SSAE 16 Type II (SOC1) Certification provides third-party verification that, in turn, the organization's customers can supply for audits of their own operations (the audit meets Sarbanes-Oxley requirements).