NetSuite Provides an SSAE 16 (SOC1)/ISAE 3402 Type II Report
NetSuite provides an SSAE 16 (SOC1)/ISAE 3402 Type II audit report to its customers prepared by and audited by a Big Four audit firm. This report, commonly referred to as Service Organization Controls report, or SOC 1, is conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and International Standard on Assurance Engagements 3402, "Assurance Reports on Controls at a Service Organization", issued by the International Auditing and Assurance Standards Board. Those standards require that the independent auditors plan and perform their examination to obtain reasonable assurance about whether, in all material respects, NetSuite's description of its system is fairly presented, its controls were suitably designed and were operating effectively to achieve the stated control objectives in the report. Additionally, the report provides information on NetSuite's Business Continuity Strategy.
Our SOC 1 audit documents that we have been through an in-depth audit of our control environment, including controls over data and network security, logical security, backup and restoration procedures, system availability, application development, and customer authentication. The requirements of Section 404 of the Sarbanes—Oxley Act of 2002 make an SSAE 16 (SOC1)/ISAE 3402 Type II audit report essential to the process of reporting on the effectiveness of internal control over a company's financial reporting.