SSAE 16 & SOC1 Reports for Sage X3

By: | Category: ERP

Are your auditors requesting SOC1 compliance reports for Sage X3? Sage Software has released information regarding SSAE 16 and SOC compliance reports via Sage Knowledgebase article 22901.  Because Sage X3 is not a multi-tenant application hosted by the publisher, it is not appropriate for Sage to provide a SOC1 report for Sage X3 under the SSAE certification guidelines (NOTE: Sage Intacct DOES provide a SOC1 report because clients are hosted by Sage on a multi-tenant cloud with Intacct.)

Sage X3 ERP

Does Statement of Auditing Standards SSAE 16 certification apply to Sage products?

Summary

  • Does Statement of Auditing Standards SSAE 16 certification apply to Sage products
  • Does Sage provide an SOC1 report

Resolution

**SSAE 16 effectively replaced SAS 70 as the standard for reporting on service organizations**

  • SOC1 Report (Service Organization Controls Report) is under the SSAE-18 standards.
  • SSAE-18 supersedes SSAE 16.
  • Because Sage products are provided as packaged software solutions rather than as services, SSAE 16 certification does not apply.
  • The Statement on Auditing Standards SSAE 16, Service Organizations, is an auditing standard that was issued by the American Institute of Certified Public Accountants (AICPA).
  • The intent of the standard is to provide a guideline to ensure that adequate controls are in place over service organizations and service providers.
  • SSAE 16 applies when financial statements are audited only if the organization obtains services from another organization. Sage accounting and specialized solutions (such as Sage X3, Sage 100, Sage 500, Sage FAS, Sage 300, Sage Pro, and Sage Business Vision) are provided as packaged software solutions rather than as services.
  • Organizations that use Sage accounting solutions are always in full control of their data – from establishing access, entering information, and producing reports.
  • While organizations may provide data or reports to Sage for specific projects (for example, professional service engagements), no data is ever automatically sent outside of the organization’s control.
  • Under no circumstances is Sage represented as a service provider for retrieving, analyzing, and reporting on any organization’s information.

Additional information

For more information regarding a SOC1 report, please visit: https://www.ssae-16.com/soc-1/ or contact us.

Other Posts You May Like

Chemical Manufacturer Maximizes Technology’s Benefits Through Strategic Partnership with Net at Work

Since 1979, Polycoat Products has transformed from a modest industrial coatings manufacturer to a multi-entity powerhouse. Today, the company boasts over one million square feet of manufacturing space, a vast distribution network, and a robust workforce dedicated to continuous innovation….

Growth in the CFO Office: AI & the Importance of Data

I was fortunate to have two days in Phoenix last week attending the Prophix Live conference.  It was one of the only times I have been to a conference without any colleagues from Net at Work and it was a…

Quick Start Package: Sage Data & Analytics in the Cloud

Reduce time spent on analysis and reporting, and make faster, better-informed decisions. The tight and secure integration of Sage Data & Analytics (SD&A) with Sage ERP† ensures the reliability of critical business information, provides business users with coherent insight on…

View All Sage X3 Insider Articles
   Sage X3 X3 Insider