TaxDome wins Comprehensive Firm Workflow Solutions — CPA Practice Advisor Readers’ Choice Awards 2024 [Read more]

🔥 Join in-depth webinars to get up to speed on automations, invoicing and team collaboration [Learn more]

SSAE-16 SOC 1 Compliance

What does SSAE-16 SOC 1 Type 2 mean?

SSAE-16 SOC 1 Type 2 is an AICPA auditing report that details how businesses should develop and implement their financial reporting procedures over time. SSAE-16 SOC 1 Type 2 stands for Standards of Attestations Engagement No. 16, System and Organizations Controls Report 1, Type 2.

How is SOC 1 Type 2 compliance determined?

In order for an organization to meet SOC 1 Type 2 compliance, they must provide detailed data that specifically shows how their financial reporting practices are created and executed over a certain period of time. This timeframe is typically in the 6-12 month range. An independent auditor usually prepares this report and carries out all of the required examinations. Noncompliance with SOC 1 Type 2 does not result in penalties, but poor results might lead to customers avoiding an organization due to financial reporting flaws.

How does SOC 1 Type 2 data center and cloud hosting work?

Systems and Organizations Controls Report 1, Type 2 is one of the numerous auditing standards that we use with our data centers and for accounts that host systems and software related to internal controls for financial reporting. TaxDome Cloud accounts can be used to safely run software and store all of your organization’s data, just like a standard computer or server does. These activities are run directly in the Cloud within a 256-bit AES encrypted, Amazon AWS account.

How can I audit and maintain compliance with SOC 1 Type 2?

The TaxDome team regularly audits all TaxDome accounts adhering to the SOC 1 Type 2 and other SSAE-16 standards.

Are there additional compliance standards similar to SOC 1 Type 2?

Yes, Systems and Organizations Controls Report 1 is one of three SSAE-16 auditing standards that are typically used to audit data centers. SOC 1 is the only one that directly addresses an organization’s financial reporting practices. The additional two SOC reports, SOC 2 & 3, focus more on how organizations handle non-financial reporting procedures such as data security, system processing, server uptimes, and data processing. These are the additional compliance standards that are most similar to SOC 1 Type 2.