James P. Bergeron, CEO at First To File (www.firsttofile.com), says:

I realize that it’s nearly impossible to keep track of all the certifications, audits and acronyms in the IT world. However, the SSAE 16 audit, which was introduced in June 2011, has quickly become the gold standard, and “Good Housekeeping” seal of approval for customers seeking vendors who can demonstrate and offer consistent and reliable security protocols, software development standards, and operational standards necessary to support the needs of global customers.

First To File, an IP data management technology company based in San Mateo, CA, recently went through the process to complete an SSAE16 audit for the third time (SAS70 II for two of those times), passing without exception. Even though it’s a fairly arduous process, we have found it is the best way to demonstrate to large corporations and law firms that we maintain the most stringent controls needed to provide the highest levels of quality, security, and service.

Our clients have invested thousands to millions of dollars in their IP assets; often betting the company’s future on those assets. Since the associated IP documents represent huge value and risk if compromised, they are understandably concerned with obtaining assurances that their data will be managed securely. The SSAE16 audit plays an important role in our giving clients the peace of mind they need to trust our technology. The continued rapid growth of Software as a Service (“SaaS”) as a software delivery model (Gartner Group expects SaaS sales to again double from $10B in 2010 to $20B+ by 2015) is further evidence for the importance of independent security protocols and requirements such as the SSAE16 to ensure reliability to those purchasing SaaS technology. It’s particularly critical for those technologies managing intellectual property.

The SSAE16 Service Auditors’ Report includes a detailed description of First To File’s controls and an independent assessment of whether the controls are suitably designed, utilized in operation, and operating as described.

SSAE16 is the New, Improved Version of SAS70
How does the SSAE16 audit differ from the other service audit, SAS 70, and why should this be important to you as an IT manager? Basically, both the SAS 70 and SSAE16 are audits conducted by authorized independent accounting firms which are members of the AICPA – American Institute of CPAs. The assessments look at the internal controls of a service organization to verify and provide assurance that the vendor’s claims about services are actually true. The SSAE16 is the new improved version of what was formerly the SAS 70, carrying more stringent guidelines to ensure that the service organization’s policies and procedures were correctly designed and operating effectively enough throughout the period specified by the report.

Simply put, companies who complete an annual SSAE16 examination are able to demonstrate a substantially higher level of assurance and operational accountability than companies which do not. Specifically within the IP industry, clients want to know that their sensitive documents are secure. Entities that are able to provide an SSAE16 report allow their clients to decrease their risk to these incredibly important assets of any corporation or law firm. They do so without having to do an audit themselves, which saves both time and money.

For First To File, undergoing the SSAE16 audit process has been a tremendous investment, both in terms of time and money. By making it our critical mission to protect our clients and their data, it was a no-brainer to invest in having the third party audit conducted. From our standpoint, passing the SSAE16 audit is not optional – it’s mandatory.

About the Author
James P. Bergeron, is CEO at First to File, the leading provider of secure IP management services to corporations and law firms. He is a frequent speaker and writer on topics related to IP data management. Email him at jbergeron@firsttofile.com.