Interactive Intelligence Statement of SSAE 16 Compliance
Interactive Intelligence is an SSAE 16 compliant cloud service provider, as has been verified by a credited independent auditing firm.
Interactive Intelligence has received the Service Organization Control (SOC) 2 report based upon the Trust Services Principles, which tests and reports on the design and operating effectiveness of a service organization’s controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
Compliance is based on the standard developed by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) known as Statement on Standards for Attestation Engagements (SSAE) No. 16. SSAE 16 replaced the former SAS 70 and addresses engagements undertaken by a service auditor for reporting on controls at service organizations that provide services to user entities.
Interactive Intelligence and its Communications as a Service undergo a comprehensive SSAE16 SOC2 type II audit by CliftonLarsonAllen LLP, concluding in an independent service auditor’s report, on an annual basis.
The current report is available upon request and requires a fully executed non-disclosure agreement to be in place.
About SSAE 16
SSAE 16 is an improvement to the former standard for Reporting on Controls at a Service Organization, the SAS70, with some changes designed to bring companies in the US up to date with new international service organization regulations. SSAE 16 introduces new reporting requirements for service organizations while also illustrating an adoption and convergence of accounting standards between the U.S. based framework and the globally accepted principle (ISAE 3402) for reporting on controls at service organizations.
About a SOC 2 Report – Trust Services Principles
The Service Organization Control (SOC) 2 Report is performed in accordance with AT 101 and based upon the Trust Services Principles, with the ability to test and report on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls. The SOC 2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system, as opposed to SOC 1/SSAE 16 which is focused on the financial reporting controls.
The Trust Service Principles are modeled around four broad areas: Policies, Communications, Procedures, and Monitoring. Each of the principles has defined criteria (controls) which must be met to demonstrate adherence to the principles and produce an unqualified opinion (no significant exceptions found during your audit).
Many entities outsource tasks or entire functions to service organizations that operate, collect, process, transmit, store, organize, maintain and dispose of information for user entities. SOC 2 was put in place to address demands in the marketplace for assurance over non-financial controls.