SSAE18 Review and Certification

Through an extensive on-site data collection process, review of pertinent security-related documentation, interviews with key personnel and first-hand observations of system operations, the SCA consultants will compile the necessary data for the analysis. Security Compliance Associates will complete a Risk Assessment using SCA’s Security Risk Analysis (adapted from NIST SP 800-30), which includes an Internal Systems Vulnerability Assessment and Analysis, an External Systems Vulnerability Assessment and Analysis, a Review of Information Security Policies and Procedures, and a contract review. Combined, the tools and knowledge help to ensure that gaps and vulnerabilities have been identified and that commensurate remediation recommendations meet or exceed regulations and industry best practices. Following the assessment process, once the required remediation is completed, SCA will bring in a certifying party to issue your SSAE18 Certification.

The process developed by Security Compliance Associates for conducting the analysis will include a review of the following Control Objectives:

  • Organization and Administration
  • Physical Security
  • Environmental Safeguards
  • Change Management and Operations
  • Problem Management and Operations Monitoring
  • System Backup
  • Logical Security