The Leader in Software & Facility Security for 1099, W-2, & 1042-S Tax Forms.

1099 Pro Security

SSAE 18 SOC I Type II Certified

1099 Pro - SOC I Type II Security

SSAE 18 SOC 1 Type II Security


  • SSAE 18 - Statement on Standards for Attestation Engagements No. 18.
  • SOC I - Service Organization Control Report No. 1
  • Type I - Audit of a system on a specified date
  • Type II - Audit of a system throughout a specified time period


The SSAE 18 is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA).

SSAE 18 SOC I Type II is a high-level security certification requiring a stringent audit process. 1099 Pro’s hosting and data facilities have passed this difficult audit without exception, ensuring that your data is secure when using any of our software or services. The SSAE 18 effectively replaces the SSAE 16 (Formerly SAS 70) for reporting periods ending on or after May 1, 2017.

This standard applies to engagements undertaken by a Service Auditor for reporting on controls at organizations like 1099 Pro which provide services to their customers. The controls in place at service organizations are likely to be relevant to a customer's internal control over financial reporting (ICFR).


The SSAE 18 requires certain enhancements in addtion to the SSAE 16 report - such as the additional requirement of Risk Assessment evaluation, New Complementary User Entity Controls (CUESs) to ensure control to the product/service, and an extension to the audit process that includes further understanding of our service.

Additionally, the SSAE 18 requires a Written Assertion by management be provided to the Service Auditor. In this document, management must assert that the system description and control objectives included therein are a fair presentation for the time period specified in the SOC 1 report.

SOC 1 reports are performed and issued under the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) as explained above. The controls addressed in a SOC 1 report are those that a service organization like 1099 Pro implements to prevent, detect, and correct errors or omissions in the information it provides to customers.

Type II indicates that the service organization's system was suitably designed to achieve stated control objectives and to operate effectively throughout a specified time period. Type I refers to a system designed for implementation on a specific date, rather than throughout a specified time period.

For further information, or report details, please contact the 1099 Pro Service Bureau.

The Service Bureau
Phone: (888) 776-1099 (select option 3)