QuickBase Completes SSAE 16 Audit! Huh?

QuickBase just completed an SSAE 16 audit for 2011! Woohoo! But what does this mean? It means independent auditors assessed QuickBase and issued an industry-standard report providing assurance to our customers that QuickBase has policies and procedures in place to protect their data and applications. This is especially important for QuickBase because many of our customers use our platform for business-critical apps. It also means that customers can rely on the information in this report instead of having to conduct their own audits.

You may have noticed the SAS 70 logo on our website in the past – this is because we’ve asked a third-party to audit QuickBase since 2009. This year the organization responsible for setting SAS 70 audit guidelines, The American Institute of Certified Public Accountants (AICPA), superseded SAS 70 with SSAE 16, which is designed to bring U.S. service organization reporting up to date with international standards. What’s the difference between SAS 70 and SSAE 16? Basically, SSAE 16 doesn’t allow companies to use previous audits towards new reports and company management must provide an attestation that the documentation they provide to auditors is accurate.

In both SAS 70 and SSAE 16 examinations, QuickBase provided the third-party auditor with information about a wide variety of things from policies about background checks for prospective employees, to redundant power systems and access restrictions at our data centers, and encryption of our data. This year’s SSAE 16 examination also involved an onsite visit to our Waltham headquarters as well as a visit to our Quincy Data Center in late June 2011. These visits included inspections of the physical and environmental security at our facilities, back-up procedures, server and network operations, information security, and change control processes and procedures. The auditors also examined information we provided about these systems in order to verify that our descriptions are fair and accurate and that the controls we have in place achieve their intended purposes.

We’re pleased to report that the auditors found “no exceptions” during their testing, which means they can verify that QuickBase does what it says it will do! We are happy to share the detailed SSAE 16 report with customers who sign a Non-Disclosure Agreement with us. If you’re interested in obtaining the report, please contact your business development manager, QuickBase Coach, or submit a support ticket.

Rhonda Swain

As Intuit QuickBase’s Compliance Officer I’m responsible for security, business continuity planning, risk assessment and compliance. Outside of work I like to cook, read, travel and, on really nice days, ride my motorcycle.

More Posts

  • John Kellgren

    Most people probably don’t realize the possible ramifications of having the Quickbase platform certified, but this is really big event for some of us…especially dealing within the medical industry.

    Great effort.

    [Reply]

  • Rhonda Swain

    Thanks for your comment – the SSAE 16 is definitely a big deal for us!  We always like hearing that customers appreciate it too.

    [Reply]

  • Laszlo Budavolgyi

    Great news, indeed. We are in pharma industry and I’d like to use QB in GxP environment. Do you have any reference of using QB in GxP or  FDA regulated environment?

    [Reply]

  • Jkellgren

    Quickbase now has their end covered in relevance to the platform and the communications part.  The part that still needs to be in HIPPA compliance for the application is the consumers part.

    [Reply]

  • ssae16audit

    I really like your blog site and appreciate the given information about SSAE 16 Audit. We also provide SSAE 16 services to client all over the globe. You can inform us for the further posts about SSAE 16 audit and other standards and visit our official website http://www.ssae16-audits.com/ for more information about SSAE 16 Resources.

    [Reply]