With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye than we live in today. From insider scandals to outside threats, the protection of corporate and personal information is the corner stone of information security compliance. Increased flexibility and access to information creates new risks that need to be taken into consideration; standard operating procedures are no longer good enough, organizations need to incorporate regulations and define authorizations to ensure they maintain an appropriate level of security. This change in the way companies’ data is accessed and transmitted has propelled the SSAE 16 audit in significance across third party service providers and their Customers.
Each year, Benefit Management, LLC completes an SOC 1 Type II audit. The successful completion of the SOC 1 Type II audit demonstrates that BML has adequate controls and safeguards when they host or process financial data belonging to their clients. This accreditation reflects the significant investments BML has made in technology, staffing and quality assurance programs.
Industry consultants indicate that less than 10% of all TPA’s nationwide successfully completes SSAE 16 audits.
What is an SSAE 16 Audit?
Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) that addresses engagements undertaken by a service auditor for reporting on controls at organizations (i.e., service organizations) that provide services to user entities, for which a service organization’s controls are likely to be relevant to a user entities internal control over financial reporting (ICFR).
The SSAE 16 certification provides confidence that:
- The service organization’s description of its controls presents fairly, in all material respects, the relevant aspects of the service organization’s system that had been place in operation as of a specific date.
- Controls were suitably designed to achieve specified control objectives.
- Controls were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period specified.
The rigorous SOC 1 Type II examination, which included detailed testing of BML’s controls, was performed by an independent licensed Certified Public Accounting firm that specializes in conducting SOC reports, PCI DSS Compliance, FISMA, NIST, and other regulatory information security assessments. The auditor examined BML’s controls related to network connectivity, firewall configuration, secure software development life cycle, computer operations, database access, data transmissions, backup, disaster recovery, physical security, as well as the on-boarding, handling, and administration of client health plans, and more.
Request an SSAE 16 Report
Copies of our most recent SSAE 16 report are available to current and prospective clients. To request a copy please contact:
Vice President Accounting
P.O. Box 1090
2015 16th Street
Great Bend, KS 67530