Frequently Asked Questions About SSAE 18 Type II Certification

Since 2010, SSAE 18 is the new set of accounting reporting standards issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). SSAE 18 Type II certification indicates that a company has adequate security controls to handle financial information responsibly. It is a replacement for SAS 70, a widely used set of reporting standards that AICPA discontinued in early 2010. All publicly traded institutions need to work with SSAE 18 Type II certified companies when contracting IT services.

SSAE 18 standards provide a number of important updates to SAS 70. The most significant change is in terminology; while SAS 70 required auditing, SSAE 18 requires attestation, and participating businesses need to thoroughly demonstrate their capabilities in order to qualify. Businesses also need to show an ability to adapt to new security challenges and to monitor data usage. When compared with SAS 70, SSAE 18 is much more strict. The updated guidelines are very similar to ISAE 3402, an international set of reporting standards.

Regardless of whether your company is publicly traded, you should carefully inspect your IT contractors' security credentials. Data recovery providers handle thousands of terabytes of data each year including sensitive payment information, personal pictures, company databases and more. Certification shows that a provider can prevent data leaks from compromising your confidentiality.

By working with an SSAE 18 Type II certified company, you can ensure that your provider will take appropriate precautions to protect your data throughout the recovery process.

Not necessarily. While SSAE 18 Type II is a strict set of attestation standards, it is not equivalent to compliance in some circumstances.

However, Secure Data Recovery Services holds a number of other credentials. We can work closely with your business to ensure compliance. Contact our customer service team for details.

Yes. As the industry's most reliable provider, we offer an expansive set of secure options when returning recovered data. Our teams can transfer small amounts of data via secure FTP, and we can use the encryption method of your choice when returning data on physical media.