About Us > Data Security
> Company Overview
> Product Milestones
> Clients, Affiliations & Partners
> Current Events
> Data Security
FutureNet 2012 and 2013 reports
SSAE 16 ( SOC2 ) Reports
SSAE 16 ( Statement on Standards for Attestation Engagements No. 16 ) is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) that addresses engagements undertaken by a service auditor for reporting on controls at organizations (i.e., service organizations) that provide services to user entities, for which a service organization's controls are likely to be relevant to a user entities internal control over financial reporting (ICFR).
SSAE 16 effectively replaces Statement on Auditing Standards No. 70 (SAS 70) for service auditor's reporting periods ending on or after June 15, 2011. SSAE 16 is an enhancement of SAS70. The changes made to the standard will bring our company, and the rest of the companies in the US, up to date with new international service organization reporting standards, the ISAE 3402. The adjustments made from SAS 70 to SSAE 16 will help us and our counterparts in the US compete on an international level; allowing companies around the world to give you their business with complete confidence.
SSAE 16 forms the underlying platform and professional standards for which the new AICPA SOC reporting framework is founded on, which consists of SOC1, SOC2 and SOC3 reports.
The Service Organization Control (SOC) 2 Report will be performed in accordance with AT 101 and based upon the Trust Services Principles, with the ability to test and report on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls (just like SOC 1 / SSAE 16). The SOC 2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as opposed to SOC 1/SSAE 16 which is focused on the financial reporting controls.
The Trust Service Principles which SOC 2 is based upon are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles have defined criteria (controls) which must be met to demonstrate adherence to the principles and produce an unqualified opinion (no significant exceptions found during your audit). The great thing about the trust principles is the criteria that businesses must meet are predefined, making it easier for business owners to determine required compliance needs and for users of the report to read and assess the adequacy.
Many entities outsource tasks or entire functions to service organizations that operate, collect, process, transmit, store, organize, maintain and dispose of information for user entities. SOC 2 was put in place to address demands in the marketplace for assurance over non-financial controls to prevent SOC 1 from being misused like SAS 70 was.
During the last two years, FutureNet has invited SSAE16 Professionals to audit our operations which has generated an annual SOC2 report for both 2012 and 2013.
To request a SSAE16 SOC2 reports from FutureNet, please contact:
To learn more information about the auditor and SSAE16, please visit :