*LOS Gets Security Seal Of Approval*
**By Tony Garritano**
***In an over-regulated world like the mortgage industry has become, security matters. Lenders have to protect the sensitive information about their borrowers. The old answer to this issue was to make sure that your vendor is SAS 70 certified, but that just isn’t good enough anymore. Vendors have to go further and the good vendors are doing just that. For example, Associated Software Consultants, Inc. (ASC), a provider of loan automation, business rules flexibility, SaaS deployment and a single platform for mortgage, consumer and commercial lending now has successfully completed a SSAE 16 SOC 2 Type II audit of its corporate headquarters and its managed hosting services with zero exceptions. Here’s why this is important:
****This evaluation includes a strong set of controls and requirements specifically designed around data center service organizations. The Statement on Standards for Attestation Engagements (SSAE) No. 16, known as SSAE 16, has been put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). Its purpose was to replace an aging SAS 70 standard that needed to be refreshed, but more importantly, one that would keep pace with the growing push towards more globally accepted international accounting standards.
****Companies undergoing an SSAE 16 examination produce a description of their “system” along with providing an Assertion by management. The system includes services provided, along with the supporting processes, policies, procedures, personnel and operational activities that constitute the service organization’s core activities. The “written assertion” by management forms one of the key differences with previous standards which did not require this document.
****“SSAE16 is a much more comprehensive and rigorous standard,” said Joseph Schmigel, Director of Information Technology at ASC. “By meeting the standard, we’re able to provide our customers an even greater measure of confidence that their SaaS deployed loan processing and secondary marketing system infrastructure and business information is being adequately protected in our facilities. “Achieving the SSAE 16 standard symbolizes our commitment to operational excellence and provides our customers with independent validation of the effectiveness of our operations”.
****Successful completion of the SSAE 16 Audit indicates that ASC processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing firm. The examination included the company’s controls related to security monitoring, change management, service delivery, support services, backup and environmental controls, logical and physical access as well as the accuracy of the security, availability, integrity, confidentiality and privacy controls for ASC’s hosted systems.