News
Prolexic Successfully Completes SOC 1 and SOC 2 Examinations
October 2013 by Marc Jacob
Prolexic announced today that it has successfully completed its Type 2 SOC 1 examination, commonly referred to as SSAE (Statement on Standards for Attestation Engagements) 16, and its Type 2 SOC 2 examination, formally known as a Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. Prolexic also simultaneously completed the ISAE 3402 examination, which is the international equivalent of SSAE 16.
“Prolexic continues to assure customers of the integrity of our internal processes by submitting to these examinations,” said Stuart Scholly, president at Prolexic. “By proving that Prolexic adheres to these stringent security standards, we make it easier for companies with strict compliance regulations to work with us and adopt our DDoS protection solutions.”
SSAE 16 is a standard issued by the American Institute of Certified Public Accountants (AICPA). Prolexic successfully completed an SSAE 16 examination, formally known as a Reporting on Controls at a Service Organization (SOC 1). The examination was performed by BrightLine CPAs & Associates, Inc., an independent CPA firm, for the distributed denial of services attack mitigation services offered by Prolexic. This exam covered the review period of August 1, 2012, to July 31, 2013.
SOC 2 is also a standard issued by the American Institute of Certified Public Accountants (AICPA). Prolexic successfully completed a Type 2 SOC 2 examination, formally known as Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. Prolexic was examined under the selected SOC 2 principles of security and confidentiality. Meeting this standard shows Prolexic is protected against unauthorized access, both physical and logical, and shows that the company protects confidential information as committed or agreed. The Type 2 SOC 2 covered the review period of August 1, 2012, to July 31, 2013.
About SSAE 16
SSAE No. 16, Reporting on Controls at a Service Organization (AICPA, Professional Standards, AT sec. 801) is an attestation standard that establishes the requirements and guidance for reporting on controls at a service organization relevant to user entities’ internal control over financial reporting. The controls addressed in SSAE No. 16 are those that a service organization implements to prevent, or detect and correct, errors or omissions in the information it provided to user entities.
SSAE No. 16 superseded the SAS 70 audit standard in mid-2011. It is the adopted version of the International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization, for use in the United States.
About SOC 2
SOC 2, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, is an attestation report on controls at a service organization relevant to the security, availability, or processing integrity of a system or the confidentiality or privacy of the information processed for user entities. Type 2 SOC 2 reports focus on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls. SOC 2 examinations may only be performed by a licensed CPA firm.
