The New SSAE 16 (SSAE 18) - Discover the Impact to Third Party Management

On May 1st, 2017, the new SSAE 18 went into effect and replaces the current SSAE 16 program. Assessments moving forward will utilize this new framework and will have an impact on those third parties which are audited. The SSAE 18 standard is created by the American Institute of Certified Public Accountants (AICPA). It is generally requested by financial institutions from third parties, in which they outsource critical components of their business to. This update to the standard will increase the requirements for the third parties and provide more transparency and understanding for financial institutions.

Join us in this discussion to review new requirements of the SSAE18 and its impact on Third Party management. You will learn how to best incorporate the requirements into the process of Third Party management. With new guidance from the OCC, FDIC InTREx, and FFIEC Cybersecurity Assessment Tool, this will be a great session to pull it all together into a consistent program for your institution that addresses today's cybersecurity risks.

Covered Topics:

  • Improvements to the standards include additional controls around:
    • Vendor Management
    • Risk Assessment
    • Complementary Subservice Organization Controls
    • Written Assentation Requirement

A significant component of this standard is the focus on subservice organizations; these are the subcontractors that a third party leverages to support its organization. There has been much regulatory focus around these subcontractors and this new process could relieve some of that burden.

Who Should Attend?

Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CFO, and Executives looking to understand the risk around Third Party Management.