(888) 208-0020 prs@auaus.net

SOC 1 and SOC 2 compliance Our vendors go above and beyond to meet the SSAE 18 requirements. acginfo.biz

SSAE 16, SSAE 18, SOC 1, SOC 2: What they are and why you should care
July 11, 2017 by Editorial Team, under HIPAA Compliant Hosting
Cloud computing has revolutionized the world of software licensing, but it has also opened the gates to new security risks. In the past, if a company wanted to add new software, it had to endure long installation processes on local servers. This gave companies the opportunity to verify the reliability of their systems, while local hosting gave them more control over their data. However, it was also immensely time-consuming and costly to set up and maintain.

Risks and Opportunities of Third Party Hosting – How SSAE 16, SSAE 18, SOC 1, and SOC 2 Help
Today, adding software to your organization can be as quick as logging into an online platform. It offers a major competitive advantage, especially when coupled with flexible payment plans. Engaging a service provider enables your organization to become more efficient in record time. There is no need to reinvent the wheel by creating security protocols and software installations from scratch. You can be up and running within weeks or even days. Need to host an app? Find a cloud hosting provider who already has servers set up so that your team can focus on building the app and preparing it for launch.

However, hosting in the cloud means that you have limited control over your data and knowledge of its location. This lack of control can become a significant liability to your company, especially if the data in question belongs to your end users. In the event of a data breach committed by the provider, you will be the one held accountable to your end users. Therefore, ensuring the security, integrity, confidentiality, and privacy of your sensitive data should be of paramount importance.

Question of Reliability
If you are a company that chooses to store and process your end users’ personal or confidential information with a third-party provider, you have a list of concerns to address. It is your responsibility to verify that the third-party provider is dependable and that its system is functional and has proper safeguards in place.

You may think that hosting your data locally seems to be the wiser choice. The reality is that a system that integrates a variety of functions, which is what most businesses need to remain operative, can be extremely costly to build and a headache to maintain. (See our article How to Become HIPAA Compliant to assess the scope of creating a secure HIPAA hosting environment.) It makes more sense to outsource.

The key is to employ the services of a provider that is properly certified and meets the demand for confidentiality and privacy of information. This is what you’ll need to guarantee your users’ trust, especially if you are dealing with financial or health-related personal data. To obtain this assurance, you are entitled to require proof from the service provider that it has proper controls in place, as verified by a third-party accounting firm. This proof comes in the form of SOC 1 and SOC 2 reports.

Finding the Right Kind of Provider
SOC (‘Service Organization Control’) reports were created by the AICPA in order to set compliance standards and keep pace with the rapid growth of cloud computing and businesses outsourcing their services to third-party providers.

Before AICPA drafted the SSAE 16 standards and the SOC reports, it had a single examination for Service Providers based upon Statements on Auditing Standards (SAS) 70. This standard was launched to ensure that third-party providers had the proper controls in place to prevent the service provider from having an errant material impact on its customer’s internal control over financial reporting (ICFR). With the development of cloud computing and an increase in the number of companies entrusting third-party providers with their customer data, a need emerged for a standard that expanded beyond financial controls to also include security and confidentiality of the entrusted data. To clarify the new set of standards and include new business practices, the AICPA replaced the SAS 70 report with the SOC framework.

What Is SSAE 16?
SSAE 16 stands for Statements on Standards for Attestation Engagements No. 16. Effective in mid-2011, this new auditing standard superseded the SAS 70 standard. According to AICPA, the SSAE 16 requires companies, like data centers, to provide a written report that describes any and all controls at organizations that provide services to customers when those controls are likely to be relevant to user entities’ internal control over financial reporting. In May of 2017, SSAE 16 was superseded by SSAE 18.

What Is SSAE 18?
In the spring of 2016, the AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of SSAE 18, “Concepts Common to All Attestation Engagements”. As the SOC 1 is an attestation engagement, the SSAE 18 standard will apply to SOC 1s and supersedes the SSAE 16 standard. The SSAE 18 standard will go into effect for reports dated after May 1, 2017. It is important to note that the SSAE 16 standard was specific to service organizations, while SSAE 18 is for all attestation engagements. This essentially means that referring to a SOC 1 as an “SSAE 16 examination” will go away; it will not be replaced by the term “SSAE 18 examination”, and the report will be referred to simply as the SOC 1.

What Is SOC 1?
The SSAE 18 SOC 1, sometimes just stated as SOC 1, is the report you get when you are audited for SSAE 18. The SOC 1 Type 1 report focuses on a service provider’s processes and controls that could impact their client’s internal control over their financial reporting (ICFR). The examination helps ensure that both the system and personnel responsible for these controls at the third-party provider are doing their job in a manner that will not adversely affect their client’s ICFR. This report is key with respect to services such as payroll and taxation since, when performed by a third-party provider, such services will have a direct impact on a client’s ICFR. For example, if you outsource payroll management to a provider that doesn’t have the proper controls in place, you risk payroll errors in your internal data. This will come with problematic consequences since, in the end, you will be held accountable for those errors.

What Is SOC 2?
The SOC 2 is a separate report that focuses on controls at a service provider relevant to security, availability, processing integrity, confidentiality, and privacy of a system. It ensures that your data is kept private and secure while in storage and in transit and that it is available for you to access at any time. This is a crucial report for any type of data that you entrust to a third-party provider, whether it includes large video files or confidential medical records. The latter case falls under strict compliance rules that require extensive controls. (To learn more, see our blog: The Beginner’s Guide to HIPAA Compliance.) If you use a third-party CRM provider, for instance, the SOC 2 report will verify the provider’s ability to keep the records online and the identity of your customers secure and in line with your own Privacy Policy.

The SOC 1 and SOC 2 reports come in two forms: Type I and Type II. Type I reports evaluate whether proper controls are in place at a specific point in time. Type II reports are done over a period of time to verify operational efficiency and effectiveness of the controls.

Refunds and credits are available from PSE&G for building owners in major N.J. cities. Call 877 208 0021.

THIS CLIENT RECEIVED OVER A $225,000.00 CREDIT

Subject: New Building and your PSE&G bill.

My company may help you receive credits directly from your utility on your electric bill regardless of who you use for supply. We do not offer supply agreements; our process focuses on the service supplied by PSE&G, ConEd, JCP&L and other utility companies in the United States.

It has been my experience that when a building has new electric service installed, or a move to a different building occurs, the utility may not offer the lowest rate. You may be in the correct rate group, but how do you know for sure? Utilities are not obligated; in fact, they state it is not their responsibility to ensure that the customer is in the correct rate as per the tariff on file.

In addition to the above rate issue, we look at past bills for errors or bad meter reads. We have saved money for building owners such as NJIT ($150,000), Kushner, Vornado, First Jersey, and Hilton Realty of Princeton, churches, restaurants such as Checkers, schools such as Memorial Day Nursery in Paterson, companies such as Kyocera Mita ($750,000), The Borough of East Rutherford, and many other businesses throughout the U.S.

It has been said that 15% of the electric meters in use today are inaccurate, which is a source of refunds for our clients. I have secured refunds ranging from $1,500.00 to $750,000.00 for my clients. 70% of the time we find refunds.

I hope to speak with you soon.

Paul Reed Steberger, President


As of 1-2019 we just completed another review for NJIT, and they saved approximately $125,000.00 net.

An $18,000.00 refund from PSE&G for a New Jersey Fortune 500

This documents a refund we secured from PSE&G due to a malfunctioning transformer.
40 OT hours for maintenance staff, Dave @ 37.50 per hour
Transfer switch was ruined due to repeated engagement; during one event it engaged 81 times in one hour. $1,500.00
Two Intel Xeon hard drives that crashed due to voltage issues
$4,000.00
1496.00 and 1296.00 for generator repair due to repeated voltage issues
$3,000.00
Fifteen tanks of fuel for generator.
Each tank provides 15 hours = 300 hours/24 hours = nine days.
300 gallons @ 3.15 per gallon = 945.00 12/26/2006
12/29/2006
Two servers @ 4k each
Three IT staff members @ 50.00 per hour for 10 hours each $945.00
$8,000.00
$1,500.00
We did not include management time and MIS staff time that was used during this event.
REFUND $18,945.00
Completed by Paul Reed Steberger
Applied Utility Auditors LLC
973 208 0020 Fax 973 547 9127
prsaua@msn.com

 

REMOTE WORKER SOLUTIONS ARE NOT ALL THE SAME

LET US HELP YOU DECIDE WHICH SOLUTION IS BEST FOR YOU: prs@auaus.net

As many businesses have moved to working from home to stop the rapid spread of the Coronavirus, and as more temporary laws are enacted for businesses to do so, there are important considerations for employers regarding setting up work-from-home strategies and whether or not it is the right course of action.

Sending employees to work from home presents some challenges, including:

  • Loss of in-person meetings
  • Feelings of disassociation from the organization
  • Employee Accountability
  • Employee Supervision

There are ways to temporarily resolve this by creating a remote-worker-enabled environment. Utilizing Unified Communications and Voice over IP (VoIP) allows for:

  • Cloud VoIP Calling
  • Remote File Sharing
  • Cloud Desktop Workspace
  • Audio/Video Conferencing for Face-to-Face Meetings
  • Cloud Contact Centers for better client servicing

We have encouraged our employees to work from home and our offices are closed for in-person meetings until March 27, 2020. Luckily, we operate our business in the cloud and so do our clients. This means they can access their valuable work and communications tools from anywhere with an Internet connection, including cell phones and tablets, meeting systems, and more.

We have received many calls from businesses not set up for full cloud-based operations. If your employees do not have remote access to the tools they need, please call us so we can help you keep your business running! We are available to discuss how to keep your business secure and Voice & IT Disaster Recovery scenarios. If you are one of our valued clients and for any reason need our assistance, please call our office line at 877 208 0021, and we will be there to assist you during normal business hours.

 

A streetlight refund and future savings for your town are very likely

Monthly Statement JUNE 2013
WE SECURED A $44,000.00+ REFUND FOR THIS TOWN
Account number 6985636403

Invoice number: 603002799729

For service at
VARIOUS LOCATIONS EAST RUTHERFORD BORO NJ 07073

1 855-BIZ-PSEG (249-7734)
Emergencies 24 hours/7 days
Business customer service 7 AM – 8 PM Mon-Fri
7 AM – 5 PM Sat

Visit our website www.pseg.com

Inquiries by mail PSE&G PO Box 14444
New Brunswick NJ 08906-4444

Important Dates
Your payment is due November 22, 2013.

Your meter(s) are scheduled to be read on or about December 02.

To make a payment from a credit card, Log In to My Account at pseg.com or call 1 800-704-3289.

If you’ll be away on your meter reading day, Log In to My Account at pseg.com or call 1 800-622-0197 before the scheduled date, to submit your reading.

69 856 364 03

BORO OF EAST RUTHERFORD 1 EVERETT PL
EAST RUTHERFORD NJ 07073-1701

This is a refund we secured for a town in North Jersey.

Account Summary
PSE&G balance from last bill $74,824.24
Current PSE&G - Unmetered Charges 959.07
Other PSE&G Charges and Credits – see pg. 4 REFUND -44,890.07
REFUND Total Amount Due On Nov 22, 2013 $30,893.24

PSE&G has proposed a $3.9 billion, 10-year plan to make New Jersey “Energy Strong” and strengthen utility infrastructure in the face of increasingly extreme weather. The program will create 5,800 jobs and reduce the likelihood and impact of future outages. Visit njenergystrong.com to learn more.

Register for PSE&G’s new, free text and email notification service called MyAlerts. Once registered, you can receive power outage updates and account notifications anywhere, anytime, to any cell phone number that is capable of text messaging. Log in to My Account at pseg.com and click on “Manage MyAlerts”. For more information, visit pseg.com/myalerts or see the enclosed insert.

Please slow down and respect traffic cones when you see work being done on the roads. Be patient and careful, and follow the traffic control warnings around job sites.

VOUCHER M00E98A

At PSE&G, we are committed to supporting your business needs. That’s why we created a dedicated, toll-free phone number to address your energy questions and concerns.
PSE&G’s Business Solutions Center is available Monday-Friday, 7:00 a.m. - 8:00 p.m. and Saturday, 7:00 a.m. - 5:30 p.m. at 1-855-249-7734 (1-855-BIZ-PSEG).