RDX worked with an accredited, third-party SSAE 16 auditing firm to create a set of audit control objectives that best reflect the key service quality indicators that measure our operating effectiveness. The audit control objectives included all activities related to physical and logical security controls, data privacy, organization and administration, vendor management, work request and ticket management, incident management and monitoring installation and configuration. The most recent auditor’s report was issued in January of 2014.
What is the SSAE 16?
The Statement on Standards for Attestation Engagements (SSAE) No. 16 is a standard that was created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). The SSAE 16 replaces the SAS70, which was the previous auditing standard for evaluating and reporting on controls implemented by service delivery organizations. Third-party auditing firms are engaged by service providers to review, analyze and evaluate the overall design and implementation of controls that affect their organization’s operating effectiveness. SSAE16 audit engagements conducted by these specialized third-party auditing firms result in the issuance of a SSAE 16 Type I or SSAE 16 Type II Report.