Extracting Information from an SSAE16
Gain important knowledge about properly understanding these reports to better control risk management in outsourced relationships and make more effective decisions.

In today’s technology-driven world, we continually look at outsourcing relationships to provide our institution and our customers with new products and services. The confidentiality, integrity and availability of customer data remains our responsibility regardless whether it’s in-house or outsourced. This discussion will explore the complexities of an outsourced relationship, threats against customer data and controls used to mitigate risk.

Why Attend?
The American Institute of Certified Public Accountants (AICPA) has retired the Statement on Auditing Standards No. 70 (SAS 70) with a new process containing 3 Service Organization Control reporting types. These include the Service Organization Controls No. 1 (SOC1), Service Organization Controls No. 2 (SOC 2) and Service Organization Controls No. 3 (SOC 3) report types. Employees responsible for vendor management and third party management will gain important knowledge about properly understanding these reports to better control risk management in outsourced relationships. Members of management will obtain a clear understanding of risks to customer information and importance of SSAE16 reports. This discussion will empower management teams to make more effective decisions.


Financial institutions rely heavily on the information contained in SSAE16 reports to understand and manage risk. This discussion will explore the following:

  • Technology outsourcing trends
  • Threats from outsourcing
  • Retired SAS70 and why
  • Purpose of new SSAE16
  • Report types (SOC1, SOC2 and SOC3)
  • Shortcomings in SSAE16
  • Extracting value from reports


Chief Technology Officers, Information Security Officers, CFOs, Compliance Officers, Risk Managers and Auditors at third-party service providers or user entities of third-party service providers.


Jerry McClurg, CISSP, CISA, CEH, is an IT Consultant for Secure Banking Solutions (SBS) and adjunct faculty member at the University of Arkansas Fort Smith. Jerry’s educational history includes a Bachelor’s degree in Psychology, a master’s degree in Information Technology and is currently pursuing a doctoral degree in Educational Technology. Using real-world cyber-attack techniques, Jerry has successfully compromised hundreds of corporate networks and provided education to them.

Credit Information

Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 CE Credits.


Live Webinar:

Member price: $265.00 | Non member price $530.00

On-Demand Webinar

Member price: $280.00 | Non member price $560.00


Online: Visit the CBA Webinar Catalog

Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)

1516 Xavier St., Ste 500, Denver, CO 80204

Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)

Please Note:

  • Preferred Payment Method: Online
  • Please register online or by phone when paying with a credit card
  • Payment Must Accompany Registration – Invoices are Not Provided

Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.