- SAS 70 – Statement on Auditing Standards #70: Internal controls, not managed servers or cloud, no certification
- SSAE 16 (replaced by SSAE 18): audit leading to SOC 1 report
- SOC 1:
- Type 1: auditor’s opinion of accuracy of management’s description of system and suitability of design and controls
- Type 2: Type 1 plus audit of effectiveness of controls
- SOC 2: standard benchmark to compare audits
- SOC 3: SOC 2 for public release
Recent Comments