CrossView has completed a Statement on Standards for Attestation Engagement No. 16 (“SSAE 16” or “SOC 1”) Type II audit for Cross-Channel Commerce Platform Services. This is our second successful completion of a SSAE 16 report.
So what does this mean to CrossView customers? Successful completion offers assurance that we have implemented stringent controls and that we operate under these requirements on a day to day basis. It means our customers can have confidence that our data centers and operations are independently audited and reported upon, thus better ensuring the security and reliability of their information.
The new SSAE 16 standard goes above and beyond SAS 70, an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants. It comes with additional requirements for service organizations. A voluntary SSAE 16 audit is performed by an independent auditing firm that examines the controls and processes involved in storing, handling and transmitting data securely. The firm looked at CrossView’s controls in key areas, including:
- Network connectivity
- Firewall configuration
- Computer operations
- Database access
- Data transmissions
- Software development
Following the audit, CrossView received a Service Auditors’ Report with an unqualified opinion, demonstrating that CrossView’s policies, procedures, and infrastructure for data protection, security, and confidentiality met or exceeded the stringent SSAE 16 criteria. The successful completion of this audit illustrates CrossView’s ongoing commitment to create and maintain the most stringent controls for the protection and security of its customers’ confidential information.
Of Sarbanes-Oxley and other compliance programs
SSAE 16 audits have become increasingly important for data-handling service providers since the passage of Sarbanes-Oxley. This legislation requires a company’s business partners to have adequate internal controls. CrossView’s customers can easily incorporate its Service Auditors’ Report in their Sarbanes-Oxley compliance programs as proof that appropriate controls are in place – just another dimension of the PCI compliant support CrossView offers clients. The SSAE 16 audit can also help CrossView’s customers to comply with other regulations, including HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act of 1999), and ISO 27001.