SSAE 16 Compliant
PayJunction is a PCI Level 1 compliant service provider. Our primary processing centers that store, process and transmit cardholder data are required to be SSAE16 compliant Type II per our annual PCI audit. Therefore, because we are Level 1 PCI compliant, inherently, our infrastructure is SSAE16 Type II certified. You can find PayJunction PCI Level 1 compliance on the following website:
- Search "PayJunction"
What Being SSAE 16 Compliant Means to Our Merchants
A SOC1/SSAE16 Type II service audit is a rigorous standard for ensuring all proper controls are valid, in place and enforced. In short, it means you enjoy peace of mind.
What Exactly Are SOC1 and SSAE16?
SOC1 is short for "Service Organization Control 1" reports and SSAE16 is short for "Statement on Standards for Attestation Engagements No. 16," an auditing process developed by the American Institute of Certified Public Accountants, the National Professional Association of CPAs, with members in business and industry, public practice, government, education, student affiliates and international associates. AICPA (www.aicpa.org) sets ethical standards for the profession, and U.S. auditing standards for audits of private companies, federal, state and local governments, and nonprofit organizations. It also develops and grades the Uniform CPA Examination.
SOC1 and SSAE16 compliant (replacing the former SAS 70) are designed to allow auditors to review the processes and procedures, known as controls, established by service organizations. Independent auditors review the control objectives and activities to ensure they are valid and enforced.
A control is a method used to ensure a policy or procedure established by a service organization is followed to protect data center customers. Building access and security, data center access and security, data storage, customer information security, and change procedures of hardware and software are just some of these controls.
Type II Audits
- SSAE16 Type II is a "Report on Management's Description of a Service Organization's System and the Suitability of the Design and Operating Effectiveness of Controls" and measures the validity of the controls and how they are executed over a designated time frame.
Ongoing SSAE16 compliant Type II audits ensure we are staying up to date as technology and business needs change. Audits are performed by independent auditors to ensure we are continuing to create and implement proper controls.