What Is SSAE-18 Compliance?

The Statement on Standards for Attestation Engagements No. 18 (SSAE-18) establishes the standards for how we handle, operate, and control data related to customers and financial reporting. It is a revision of SSAE-16.

There are various frameworks under SSAE-18 called Service Organization Controls (SOC)s. We undergo both SOC 1 and SOC 2 assessments and can provide the resulting compliance reports to clients upon request.

Why Have SSAE-18 Compliance?

Compliance ensures the accuracy of a service provider’s description and implementation of their services. It lets you know that the controls and processes we have set in place are actually followed.

Nexcess SSAE-18 Compliance

Nexcess is externally assessed for SSAE-18 compliance and can supply both SOC 1 and SOC 2 compliance reports.

The Principles of SSAE-18 Compliance

Security means Nexcess systems are protected against unauthorized access, use, or modification.

Availability means our systems are available for operation and match our service-level agreements.

Processing Integrity means that we conduct complete, valid, accurate, timely, and secure system processes.

Confidentiality means that confidential information is treated as such.

Privacy means that any information collected, used, retained, disclosed, or disposed of is done in a way that protects your privacy.

More on SSAE-18 Compliance

The Statement on Standards for Attestation Engagements goes through periodic updates. For the latest information about SSAE-18 compliance, please visit the AICPA website.

Learn More