SSAE 16 (previously SAS 70 compliance)
SSAE 16, SAS 70, ISAE 3402

SSAE 16/ISAE 3402 Consulting Overview

We provide SSAE 16/ISAE 3402 consulting/attestation support. This involves service organization risk assessment, gap analysis, policy/documentation support, training, gap implementation monitoring, and internal audit leading to zero defect SSAE 16/ISAE 3402 attestation.

SSAE 16 certification - key phases

Coral has a structured approach to build a control infrastructure that ensures successful SSAE 16/ISAE 3402 compliance. The approach includes (but not limited to)

  • Determination of enterprise risk leading to control selection,
  • Performing enterprise risk assessment,
  • Determination of control environment,and Implementation Support
  • Control Testing, and
  • Successful attestation resulting in issuance of ISAE 3402/SSAE 16 report

Want to know more?

Read our SSAE 16 Blogs

See here recent companies where we implemented SSAE 16

What is Coral approach to successful SSAE 16 implementation/attestation?

There are broadly five phases to implementation and attestation.

Phase I – Scope and enterprise risk determination – this phase of ssae 16 attestation/ISAE 3402 includes identification of contractual risks/enterprise risks. Also that part of the organization which needs to be covered which needs control prioritization.

Phase II – Gap Analysis – In this phase of SSAE 16 compliance we determine the degree of controls existing, and gaps leading to individual recommendations.

Phase III - SSAE 16 Implementation / measurement journey through definition of policy/procedure/documentation on one hand and the implementation of the gaps on the other. This ensures control principles are implemented in the organisation DNA.

Phase IV – SSAE 16 Internal Audit or Testing controls is the process of verifying successful implementation, on one hand, and the inclusion of security principle in business lifecycle on the other.

Phase V – Final SSAE 16 attestation - The final phase in which a US based CPA firm attests and issues the SSAE 16 report. Depending on the scope either a ssae 16 type i or ssae 16 type ii report is issues.

Please call or write to us at to know how we can take you through a successful journey.

Contact Us Now !