1.866.669.6561

check

SOC 1 (SSAE 18) Type 2 Service Organization's Assertion Statement

Assertion Statement

We have prepared the description of (Sample Service Organization)’s (type or name of) system (description) for user entities of the system during some or all of the period December 1, 2011 to May 31, 2012, and their user auditors who have a sufficient understanding to consider it, along with other information, including information about controls implemented by user entities of the system themselves, when assessing the risks of material misstatements of user entities’ financial statements. We confirm, to the best of our knowledge and belief, that

a.    the description fairly presents the (type or name of) system made available to user entities of the system during some or all of the period December 1, 2011 to May 31, 2012 for processing their transactions (or identification of the function performed by the system). The criteria we used in making this assertion were that the description

i.    presents how the system made available to user entities of the system was designed and implemented to process relevant transactions, including

(1)    the classes of transactions processed.

(2)    the procedures, within both automated and manual systems, by which those transactions are initiated, authorized, recorded, processed, corrected as necessary, and transferred to the reports presented to user entities of the system.

(3)    the related accounting records, supporting information, and specific accounts that are used to initiate, authorize, record, process, and report transactions; this includes the correction of incorrect information and how information is transferred to the reports presented to user entities of the system.

(4)    how the system captures and addresses significant events and conditions, other than transactions.

(5)    the process used to prepare reports or other information provided to user entities’ of the system.

(6)    specified control objectives and controls designed to achieve those objectives.

(7)    other aspects of our control environment, risk assessment process, information and communication systems (including the related business processes), control activities, and monitoring controls that are relevant to processing and reporting transactions of user entities of the system.

ii.    does not omit or distort information relevant to the scope of the (type or name of) system, while acknowledging that the description is prepared to meet the common needs of a broad range of user entities of the system and the independent auditors of those user entities, and may not, therefore, include every aspect of the (type or name of) system that each individual user entity of the system and its auditor may consider important in its own particular environment.

b.    the description includes relevant details of changes to the service organization’s system during the period covered by the description when the description covers a period of time.

c.    the controls related to the control objectives stated in the description were suitably designed and operated effectively throughout the period December 1, 2011 to May 31, 2012 to achieve those control objectives. The criteria we used in making this assertion were that

i.    the risks that threaten the achievement of the control objectives stated in the description have been identified by the service organization;

ii.    the controls identified in the description would, if operating as described, provide reasonable assurance that those risks would not prevent the control objectives stated in the description from being achieved; and

iii.    the controls were consistently applied as designed, including whether manual controls were applied by individuals who have the appropriate competence and authority.

More Information