Today, Openforce announced the completion of a third-party audit report demonstrating full compliance with SSAE 18. The successful audit affirms Openforce’s policies and practices for managing the company’s risk and protection controls along with those of their sub-services providers.
Committed to the utmost levels of integrity and customer satisfaction in same-day courier, trucking, final mile, home care, and other verticals, Openforce’s IC Onboard, IC Pay, IC Complete, and its integrated data analytics platform, IC Insight are managed to the highest standards.
Established for advanced IT service providers, the American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) 1 Type II certification provides Openforce customers with an independent auditor’s unbiased level of assurance of corporate controls as it relates to network and logical security, processing integrity, availability, confidentiality, and privacy.
“The SSAE 18 report serves as a continued endorsement of our market leadership in financial processes and controls for independent contractor management software,” said Drake Pruitt, CEO of Openforce. “Openforce is committed to following security and compliance standards that allow our customers to have the proper assurances in the integrity of our systems and processes, along with those of our suppliers.”
Designed to bring all U.S. standards up to international standards of security compliance, the new requirements set by these regulations are best practices that Openforce has been adhering to for the past six consecutive years.
Four SSAE 18 changes that affect the SOC 1 examination:
- Vendor Management
The most significant change in the requirements that must be met by a service organization is ensuring that its vendor management program for sub-service providers is significantly robust, which monitor the controls at sub-service organizations.
- Risk Assessment
SSAE 18 requires service auditors to obtain a more in-depth understanding of the development of the subject matter than currently required, to better identify the risks of material misstatement in an examination engagement. The goal is to have an improved linkage between assessed risks and the nature, timing, and extent of attestation procedures performed in response to those risks.
- Complementary Sub-service Organization Controls
As more organizations are outsourcing key functions to their own set of subservice organizations, SSAE 18 introduces the concept of “Complementary Subservice Organization” controls. This concept establishes and defines the controls for which user entities must now assume in the design of the system description. SSAE 18 provides more guidance around this area for more consistent reporting across entities and practitioners.
- Written Assertion Requirement
The final change to the SOC 1, per SSAE 18, is that the service auditor obtains a written assertion. This written assertion is the statement found within the SOC report wherein the service organization asserts that the system description provided is essentially true and complete. This statement has always been contained within the SOC 1 reporting document but the requirement that the service organization signs the document was optional.
Today’s on-demand economy is driven by technology that automates processes and transactions to meet the increasing consumer demands for lower cost, high transparency, rapid delivery of goods and services. To meet the challenge, suppliers like Openforce must earn and protect the trust of their customers and supply chain partners. Compliance with audit standards like SSAE 18 are integral to demonstrating that commitment.
“When it comes to proper management of sensitive data related to compliance monitoring, risk management and settlement processing, our customers have complete peace of mind that Openforce has controls and practices in place to ensure the safeguarding of their data,” added Pruitt.