SAS 70, SSAE 16, SOC & PCI Audits and Compliance
In 2006, we underwent our first audit on our internal operations and controls. While it was important for our clients to gain an understanding of our control environment, it was also our top priority to make sure we had the proper policies and procedures in place to make our services the best as they could be.
In 2011, the SAS 70 was replaced by SSAE 16. Liventus underwent a SSAE 16 Type I audit in 2012 followed 6 months later by a SSAE 16 type II audit, which audits not only the control landscape on a given day, but also the historical element showing that controls were managed over time. We continued with our SOC Type II audits until 2015.
In 2015, Liventus hired Secure State, a company focused on information security to audit our controls, policies and procedures to achieve PCI DSS compliance in our software development as well as data center hosting services.
PCI DSS is the “Payment Card Industry Data Security Standard”. This type of compliance has many requirements and control objectives to ensure network security, data encryption and security, vulnerability management, strong access controls, regular monitoring and testing, and maintaining information security policies. PCI Compliance is a very high standard that sets Liventus above many other IT service organizations.