For the purposes of this article, we’ll be entirely focused on SOC 1. Look for future blogs related to the impact of SSAE 18 on your SOC 2 and 3 reports.
The Standards, They are a-Changin’
In 2016, the Accounting Standards Board (ASB) of the AICPA looked at its attestation standards and said, “We need to do some clarifying.” Out of this Clarity Project came the “Concepts Common to all Attestation Engagements,” and with it SSAE 18, which covers all attestation engagements with a major focus on third party vendor management, data validation, and risk assessments. Your SOC 1 audits fall under these new standards, so buckle up and hold tight to that Client Assistance list, because this request list’s about to get bumpy.