.png?width=1000&height=250&name=Cornerstone_Advisors_Logo-removebg-preview%20(1).png){kind=logo}
-2.png?width=247&height=320&name=MicrosoftTeams-image%20(36)-2.png)
-2.png?width=247&height=320&name=MicrosoftTeams-image%20(35)-2.png)
SSAE 16 and SOC Report Analysis and Review
Do you know a good SSAE 16 from a bad one?
SSAE 16 audit reports are the most practical way for you to judge your outsourced vendors’ data center security policies, processes, and procedures. Trouble is, they’re really hard for even experienced CIOs to read. Vendors still control the scope of these audits so you might miss that what you receive are merely the results of interviews covering 25 controls when you should expect test results of 75 rules.
Our Certified Information Systems Security Professional (CISSP) will review your vendors’ SSAE 16 report, compare it to our gold standard criteria, calculate the risk score, roll them into our popular vendor risk scorecards and make actionable recommendations to improve your risk profile.
Key Features:
- The proprietary scoring methodology that analyzes year-over-year data center trends and 12 different security criteria
- Includes recommendations to reduce vendor data center risk exposure
- Above and beyond. We go beyond merely looking at data center security. We can also show you data center-specific customer satisfaction ratings.
- Examiner-approved. Every regulatory agency has approved our SSAE 16 review, scoring process, and risk scorecards.
Learn More About Our Vendor Due Diligence Document Collection Services
Schedule a time to talk with one of our Vendor Management Consultants
or, if you’re ready, request a custom pricing proposal
So, What Makes Us Different?
DO IT FOR ME
Let us gather and review your vendors’ SSAE 16 and SCO reports, so you can focus on making the best business decisions based on our recommendations.
WE KNOW WHAT VENDORS WILL CONCEDE
We are in the vendor evaluation business, so we evaluate all aspects of the significant vendors daily. We review vendor financials and attend vendor earnings calls and meet with vendor executives every Friday to get product, company, and security updates. We track vendor wins and losses, monitor changes in market share, evaluate their products, and know about problems before they’re public.
VENDOR INDEPENDENT
Many competing vendor management software and services are resold by your moderate to high-risk vendors.
This means they will only share publicly available information. We on the other hand are Gonzo and share non-public vendor dirt daily, all day. (link to Trouble in the Great White North)