FSSI is a SSAE-18 Type 2 Certified Company with the Completion of SOC 1, SOC 2 and SOC 3 Reports
FSSI’s print-mail industry SSAE-18 Type II Certification for security and process controls provides clients in highly regulated industries with documentable assurances that their confidential customer data is being handled in accordance with strict industry standards. FSSI has committed to industry-accepted auditing standards since 2007, having earned its first SAS70/SOC 1 (Service Organization Controls) compliance and completing its first SOC 2 audit in 2016. FSSI now maintains all three available SOC reports under the SSAE18 Type 2 examination audit which confirms that, for the period covered, our processes met or exceeded specific objectives for:
- Financial Reporting Controls
- Physical and Environmental Security
- Information Security
- Data Confidentiality and Privacy
- Print, Mail and ePresentment Operational Controls
- Availability and Access Controls
- Subservice Organization Controls
Other security tests FSSI passed in conjunction with the SSAE-18 Type II Certification audit include: network vulnerability, social media, and a risk assessment review. In total, these results affirm FSSI’s commitment to providing clients with best-in-class services, satisfying their mandated security requirements, and vigilantly safeguarding consumer data.
About SSAE-18 Type II Certification and SOC Report Types
SSAE 18 superseded SSAE16 in 2017 as the audit standard for service organization auditors. SSAE 18 was adopted by the American Institute of Certified Public Accountants (AICPA) with the goal of establishing a more uniform quality reporting standard and increasing internal controls over subservice organizations. “Service Organization Controls” (SOCs) refer to the reports supplied to a company’s internal auditors and/or regulators following an audit. SOC reports are identified as 1,2, or 3, depending on the focus and extent of process control testing:
SOC 1 establishes the requirements for business process controls related to financial reporting.
SOC 2 establishes the requirements for Trust Services Principles (TSP) which describes the principles on which the operating effectiveness of a service organization’s controls are measured: security, availability, processing integrity, confidentiality, and privacy.
SOC 3 is a general use report that can be freely distributed to the public based on the SOC 2 which can only be shared internally or under an NDA.