SSAE 16 Exam Standards

Macpage sets the standards for thorough, professional SOC examinations.

Let's face it, nobody would endure the hassle and expense of a SOC exam voluntarily. But since it need's to be done, you might as well do it right. We understand how important a thorough and professional audit can be to the success of your business. Sure, there's a lot of newbies out there providing "drive-by" examinations, but we deliver the true-hands-on expertise and insights that only comes from years of actual work in the field. We do the work on-site and deliver a complete report that you can sign with total confidence.

We know your time is much too valuable to wrestle with the ever-evolving IT environment and complex regulations, and the there's too much riding on the outcome to cut corners. Fill out the Free consultation request today, and see why MacPage is the gold standard rating in the field... and find out why that is so important to you and the well-being of your business.

Macpage Standard Services



The Others

Free Consultation  
Customized Budget to Serve Small and Large Clients 

Proven Three-Step Process (Readiness Assesment)

Engagement Director On-Site  
Facilitate Identification of Control Objectives Developed by client
Develop Description of Controls Developed by client
Develop Draft Report Developed by client
Provide Weekly Status Updates  
Continuos Communication/Accessibility During Engagement  
Scheduled Report Issuance Date within 6 weeks  
On-going Advice at No Extra Fee  
Customized Services for Each Client  


SOC First Timers

Readiness Assessment

The first-year SOC examination process can be an overwhelming task for a service provider. Companies required to have a SOC examination, but unsure if their internal control environment is ready for the audit will benefit from our Readiness Assessment. Readiness Assessments can minimize the unknowns of a SOC examination, help familiarize clients with the SOC examination process, and provide an opportunity to improve internal controls and processes prior to receiving their first opinion.

Collaboration Through Communication

Having a team of experienced professionals to assist clients through the process for the first time will make a drastic difference. The hands-on approach of Macpage opens lines of communication during the examination, and makes the first time experience as simple and worry free as possible. The continuous communication before, during and after the engagement is equally as important.

Macpage offers access to the entire engagement team to clients continuously throughout the process. The regularly scheduled client check-in meetings also address questions, concerns, or improvement opportunities that may arise.

Switching To Macpage

Continuous Communication

Throughout the industry, we often have heard clients mention, "once the auditors leave our office, our audit falls into a big, black hole." Clients may not be aware of the activities that occur after leaving the field in order to issue an audit report.

Scheduled weekly status updates beginning with the engagement planning and continuing through issuance of the final report helps increase communication and manage expectations. Continuous communication outside of the engagement can be equally as important.

Macpage makes the engagement Director and the engagement Manager's cell phone number available to clients, and regularly scheduled client check-in meetings help address information security-related questions, concerns, and opportunities.

Quick Report Issuance

Macpage issues client reports within six weeks of performing audit fieldwork.

Additional Considerations

  • We have seen a trend of service providers who have not had a SOC exam losing clients to their competitors who have had one. Don't lose your valued clients by not having a SOC exam.
  • Mitigate against potential losses from information security risks that you weren't aware you had.
  • We regularly see issues in security vulnerabilities that customers were not aware of or had not been monitoring.
  • Saves you from having your clients audit your environment themselves.
  • We deliver the internal awareness of what your controls are, and provide an overview of the control structure and tests that each control.
  • More and more clients are demanding more transparency from their providers. We deliver insight into the operations and the internal controls that are in place.
  • Stay abreast - or surpass industry expectations and regulations - clients in certain industries expect you to have a SOC exam.
  • Opportunities to increase efficiencies are often noted and provided as additional feedback through the management letter.


SSAE 16 Type 1

SSAE 16 Type 2

The SSAE 16/SOC 1 Type 1 Exam (also known as the "Independent Service Auditor's Report on a Description of a Service Organization's System and the Suitability of the Design of Controls") is the AICPA standard that supersedes the "SAS 70 Audit" standard as of June 15, 2011. Also called an "assessment" or "audit"...

Click here to learn more.

The SSAE 16/SOC 1 Type 2 Exam (also known as a "Type 2 Service Auditor's Report" or "Independent Service Auditor's Report on Description of a Service Organization's System and the Suitability of the Design and Operating Effectiveness of Controls") provides independent, third-party verification of management's assertion that a service organization's policies and procedures were correctly...

Click here to learn more.