October 2016: There’s no reason an SSAE 16 audit should strike fear into the hearts of those who have to prepare for it — even if you’re running a big part of your business in the cloud. You can set up your policies, procedures, systems and reporting functions so that proving you’re compliant is a whole lot easier. It’s all about streamlining and automating.
Here’s a table that compares preparing for third-party audits the old way versus doing it the new, much-less-painful way:
In case you don’t know what SSAE 16 is, it stands for the Statement on Standards for Attestation Engagements 16, which defines the third-party review process when auditing your company for things like quality control, security and data integrity. It replaces SAS 70. When you have a clean audit, it means you can prove you’re doing things the way you’re supposed to based on the SSAE 16 standards. But if you fail an audit, it doesn’t necessarily mean you’re not doing things the way you’re supposed to. It can mean you’re having a tough time proving it.
Business processes and procedures that, by design, automatically capture and store data required by SSAE 16 audits help you prove that you’re doing things right.
Not all businesses need to be SSAE 16-compliant, but all businesses can benefit from standardized IT systems and processes. Efficiency is built in, there’s much less room for error, and the data you need for good business decisions is right at your fingertips. It’s also a lot easier to do an internal pre-audit, which means you can find and fix problems before the real audit.
| SSAE 16 PAIN | SSAE 16 BREEZE |
|---|---|
| Pulling the 200+ random items requested by the auditor may take weeks or longer to prepare | Pulling the items moves more quickly because the data has been captured automatically during the year |
| Business as usual is disrupted because employees are diverted from their regular responsibilities | Regular business can absorb audit preparation responsibilities more easily |
| More employees than you want must participate in the audit process | Audits can be handled by fewer employees |
| Employees can be confused by what’s expected of them | Employees are fully trained on the streamlined processes so audit item requests make more sense |
| Missing or inconsistent details require deeper-dive information gathering, which is time-consuming | Details have been considered ahead of time and are built into the process |
| Legacy processes that aren’t documented or verifiable slow down the audit process and may limit the number of people who are qualified to gather the information | With all business processes in writing, audit preparation is faster and there are more people who can handle the task |
| IT issues tracked by an email-based system may cause actual headaches during the audit process | IT issues tracked by a streamlined ticketing system feel like an actual neck massage during the audit process |
| The audit is a really big deal and it’s equally difficult every year | The audit is not that big a deal and it gets easier every year |
Leapfrog is a big fan of streamlined, automated, verifiable, and secure processes. With tools like permanent firewall systems with automated threat reporting, for example, you have a record of the attempts, blocks, bad passwords and other events that took place — and how they were responded to. The information is collected as part of standard business processes and is kept in a secure database so you can query it at any time. Solutions like these are what we use to help clients pass SSAE 16 audits more quickly and smoothly, just like we do here at Leapfrog.