SSAE 18 Compliance

XIFIN, Inc. is committed to a policy of ensuring adequate controls and safeguards are in place when delivering and supporting data belonging to its customers. The company has successfully completed all its SSAE 18 (formerly SSAE 16 or SAS 70) audits, as determined by an independent accounting and auditing firm, since first undergoing the process, in 2009. This designation distinguishes XIFIN as a provider of reliable software and services, built upon a solid set of operational controls and business processes. The audit helps assure XIFIN customers that their transactions and business information are safeguarded against loss and protected from disaster, fraud, or tampering.

What Is SSAE 18?

Statement on Standards for Attestation Engagements no. 18 (SSAE 18) is the new "attest" standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). SSAE 18 supersedes SSAE 16, which in turn superseded the SAS 70 audit standard. A service auditor's examination performed in accordance with the SSAE 18 standard is widely respected, because it represents that a service organization has been through an in-depth audit of its control objectives and control activities, which often include controls over information technology and related processes. SSAE 18 represents an adoption towards more globally accepted accounting principles, which clearly can be seen when comparing the new U.S. standard from the AICPA to that of its international equivalent, ISAE 3402, put forth by the International Auditing and Assurance Standards Board (IAASB), a standard-setting board of the International Federation of Accountants (IFAC). In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SSAE 18 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting. For information on the original SAS 70 standard,  please visit