What Is SSAE 18, and How Does it Relate to SOC Reports?

Mar 23, 2022 Continuum GRC 0 Comment

Featured SSAE 18 insights from Continuum GRC. Enhance 2025 compliance with top GRC software, risk assessment, and AI-powered cybersecurity defenses.

SSAE 18 is a statement that sets standards for reporting on the controls and processes related to financial reporting. It comes from the American Institute of Certified Public Accountants, outlining the framework for reporting on internal controls. The SSAE 18 is designed to provide assurances that the reporting of service organizations is secure, thorough, and on point. For SOC reports, an SSAE 18 statement outlines controls to ensure they’re reliable.

Most organizations have at least heard of SOC reports. Published and administered by the American Institute of Certified Professional Accountants (AICPA), the SOC umbrella of attestations helps organizations demonstrate adherence to best practices around data privacy, cybersecurity, risk assessment and financial reporting.

Since SOC requirements come directly from the AICPA, the organization releases documents pertaining to guidance for audits and compliance. One of the primary documents for SOC compliance is Statement on Standards for Attestation Engagements no. 18 (SSAE 18).

What Does it Mean to be FISMA Compliant?

Jan 19, 2022 Continuum GRC 0 Comment

Featured FISMA insights. Enhance 2025 cybersecurity with Continuum's FISMA-ready GRC software and risk assessment.

The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks.

However, at its core, FISMA dictates some of the basic and most fundamental cybersecurity practices that governed organizations must adhere to. Learn more about what it means to meet FISMA compliance.

How Can My Company Prepare for CPRA?

Dec 30, 2021 Continuum GRC 0 Comment

Featured CPRA resources. Continuum's 2025 tools for CPRA, GDPR, and cybersecurity governance.

In November 2020, California voters approved Proposition 24, including the California Privacy Rights Act, or CPRA. This law amends and expands regulations under the original California Consumer Privacy Act (CCPA).

One question that affected businesses asks is, “how can I prepare for CPRA compliance?” With the law taking effect on January 1, 2022, the clock is ticking, and many organizations are looking for ways to complete final compliance preparations.

Here, we will talk about some of the basic steps for CRPA compliance.