QuickBase just completed an SSAE 16 audit for 2011! Woohoo! But what does this mean? It means independent auditors assessed QuickBase and issued an industry-standard report providing assurance to our customers that QuickBase has policies and procedures in place to protect their data and applications. This is especially important for QuickBase because many of our customers use our platform for business-critical apps. It also means that customers can rely on the information in this report instead of having to conduct their own audits.
You may have noticed the SAS 70 logo on our website in the past – this is because we’ve asked a third-party to audit QuickBase since 2009. This year the organization responsible for setting SAS 70 audit guidelines, The American Institute of Certified Public Accountants (AICPA), superseded SAS 70 with SSAE 16, which is designed to bring U.S. service organization reporting up to date with international standards. What’s the difference between SAS 70 and SSAE 16? Basically, SSAE 16 doesn’t allow companies to use previous audits towards new reports and company management must provide an attestation that the documentation they provide to auditors is accurate.
In both SAS 70 and SSAE 16 examinations, QuickBase provided the third-party auditor with information about a wide variety of things from policies about background checks for prospective employees, to redundant power systems and access restrictions at our data centers, and encryption of our data. This year’s SSAE 16 examination also involved an onsite visit to our Waltham headquarters as well as a visit to our Quincy Data Center in late June 2011. These visits included inspections of the physical and environmental security at our facilities, back-up procedures, server and network operations, information security, and change control processes and procedures. The auditors also examined information we provided about these systems in order to verify that our descriptions are fair and accurate and that the controls we have in place achieve their intended purposes.
We’re pleased to report that the auditors found “no exceptions” during their testing, which means they can verify that QuickBase does what it says it will do! We are happy to share the detailed SSAE 16 report with customers who sign a Non-Disclosure Agreement with us. If you’re interested in obtaining the report, please contact your business development manager, QuickBase Coach, or submit a support ticket.