SSAE 16 (previously SAS 70 compliance)
SSAE 16, SAS 70, ISAE 3402

Why SSAE 16/SAS 70?

If you are a service provider to a US-listed organisation, or to an organisation that must demonstrate that enterprise risk management is in place, SSAE 16 is an attestation by a US-based CPA firm that you, as an organisation, have a security/risk management framework in place.


Why Coral?

Coral has a systematic approach to building a control infrastructure that ensures successful SSAE 16/ISAE 3402 compliance. The approach includes (but is not limited to):

  • Determination of scope of business which requires compliance,
  • Performing enterprise risk assessment,
  • Determination of control environment,
  • Testing, and
  • Successful attestation.

What is the approach for successful attestation?

There are primarily four phases, and in each phase there can be several sub-phases:

Phase I – Scope determination – identifying the part of the organisation that needs to be covered and that requires control prioritisation

Phase II – Gap Analysis – assessing the degree to which controls are presently implemented, resulting in a gap summary report along with recommendations

Phase III – Implementation / measurement – the journey through the definition of policy, procedure and documentation on one hand and the closing of the identified gaps on the other;

Phase IV – Internal Audit – the process of verifying successful implementation on one hand, and the inclusion of security principles in the business lifecycle on the other.

Phase V – CPA Attestation

The total duration of each milestone can vary depending upon the complexity of the organisation. Talk or write to us at roadma@coralesecure.com to learn how we can take you through a successful journey.