SSAE 18 Type II Certification

SSAE-18 Type II (SOC 1 & SOC 2)

SSAE-18 Type II Certification

FSSI is an SSAE-18 Type II Audited Certified Printing Company

SSAE-18 Type II is an audit for security and process controls. It provides clients in highly regulated industries documentable assurances that their confidential customer data is being handled correctly. This is completed in accordance with strict industry standards. FSSI has committed to industry-accepted auditing standards since 2007. We earned our first SAS70/SOC 1 (Service Organization Controls) and SOC 2 audit in 2016. FSSI now maintains all three available SOC reports under the SSAE-18 Type 2 examination audit which confirms that, for the period covered, our processes met or exceeded specific objectives for:

  • Financial Reporting Controls
  • Physical and Environmental Security
  • Information Security
  • Data Confidentiality and Privacy
  • Print, Mail and ePresentment Operational Controls
  • Availability and Access Controls
  • Subservice Organization Controls

Other security tests FSSI passed in conjunction with the SSAE-18 Type II Certification audit include network vulnerability, social media, and a risk assessment review. In total, these results affirm FSSI’s commitment to providing clients with best-in-class services, satisfying their mandated security requirements, and vigilantly safeguarding consumer data.

What is SSAE-18 Type II Certification?

SSAE 18 superseded SSAE16 in 2017 as the audit standard for service organization auditors. SSAE 18 was adopted by the American Institute of Certified Public Accountants (AICPA) with the goal of establishing a more uniform quality reporting standard and increasing internal controls over subservice organizations. “Service Organization Controls” (SOCs) refer to the reports supplied to a company’s internal auditors and/or regulators following an audit. SOC reports are identified as 1,2, or 3, depending on the focus and extent of process control testing:

SOC 1 establishes the requirements for business process controls related to financial reporting.

SOC 2 establishes the requirements for Trust Services Principles (TSP) which describes the principles on which the operating effectiveness of a service organization’s controls are measured: security, availability, processing integrity, confidentiality, and privacy.

SOC 3 is a general use report that can be freely distributed to the public based on the SOC 2 which can only be shared internally or under an NDA.

For more information about testing, standards, and reporting visit the SSAE-18 Type II Certification website or  Learn more about our secure print production environment.