Compliance
  Governance
  Risk-Management
  Security
News


< Back

Compliance : Sarbanes Oxley : Technology : Financial Controls

BlackLine Systems Completes SOC Security and Availability Audits



SOC 2, SOC 3 audit 1st for account reconciliation, financial close software; 3rd-party validation from Moss Adams ensures highest level of security, effective controls in place for BlackLine Financial Close Suite clients

Mario Spanicciati
Executive VP of Operations
and Executive Director of EMEA
BlackLine Systems

Four years after becoming the first account reconciliation/financial close software provider to successfully complete a SAS 70 (now Statement on Standards for Attestation Engagements No. 16  or SSAE 16 SOC 1) audit, the internationally recognized standard developed by the American Institute of Certified Public Accountants (AICPA) to set guidelines for auditors to use in order to objectively assess the internal controls of service organizations, BlackLine Systems is now also first in its space to successfully complete a SOC 2 Type 2 examination – adding even greater focus on controls related to the security and availability of the BlackLine Financial Close Suite, and demonstrating the operating effectiveness of these controls over the entire period of the audit.

“In today's global economy, service providers must prove that they have sufficient controls and safeguards in place when they host or process data belonging to their customers.  Using a provider like BlackLine, that has met the requirements and criteria of the SOC 2 Type 2 examination, should be a non-negotiable factor,” said Chris Kradjan, a partner with Moss Adams LLP, the tax, accounting and consulting firm that conducted the BlackLine audit.  “The SOC 2 Type 2 audit sets providers like BlackLine apart from the rest.”

Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization designed to provide valuable information to help users assess and address the risks associated with an outsourced service.  BlackLine also has obtained a follow-on SOC 3 report based on the same security and availability principles covered in the SOC 2 audit.  The SOC 2 and 3 reports are based on Trust Services Principles (TSP)which are designed to provide customers with assurance that a provider’s technology, systems and controls provide security, availability, confidentiality, processing integrity and/or privacy in accordance with the AICPA TSP 100 and AT section 101 of the AICPA attestation standards.

Moss Adams’ most recent audit of BlackLine reaffirms the company’s commitment and adherence to stringent, third-party requirements and processes surrounding its flagship financial close Software-as-a-Service (SaaS) suite.

“Choosing a service provider that adheres to auditing standards set forth by the AICPA is becoming increasingly important as more companies move to SaaS where sensitive corporate data is hosted by third parties,” added Kradjan.  “This is especially important for large public and global companies that have sensitive information hosted offsite and that have to comply with Sarbanes-Oxley or other international reporting regulations.”

In the case of BlackLine, both the BlackLine application and data center/hosting provider have gone through their own respective, successful Type 2 audits.  Furthermore, the scope of the BlackLine audit includes control objectives involving organization and administration, physical and environmental controls, logical security, system development, client implementation, data integration, system availability and disaster recovery.

“Having a third party come in and conduct these important audits each year confirming the operating effectiveness of our security and availability reinforces that BlackLine is offering clients an enterprise-class SaaS application,” Mario Spanicciati, executive vice president of operations and executive director of EMEA, BlackLine Systems, said.  “Moss Adams’ stamp of approval is further testament to our commitment to deliver the highest level of services in an effort to provide a reliable, secure, high performance application to our growing global client base.”

In conjunction with its existing SOC 1Type 2 audit report, BlackLine also has successfully completed an International Standard on Assurance Engagements No. 3402 (ISAE 3402) examination using the standards set forth by the International Auditing and Assurance Standards Board (IAASB).  The ISAE 3402 audit shows that BlackLine has system controls in place and operating effectively in compliance with international standards.

For more information on SOC audits and reports, visit the AICPA.

BlackLine Systems was the first to develop and offer a commercially available Balance Sheet Account Reconciliation solution.  An experienced provider of software to companies from the Fortune 100 to beyond the Fortune 1,000, BlackLine provides quick-to-implement, scalable and easy-to-use applications that automate the entire financial close process to help improve financial controls for companies of all sizes.  BlackLine software applications complement existing Enterprise Performance Management (EPM), Governance Risk and Compliance (GRC) and Enterprise Resource Planning (ERP) systems.

BlackLine offers clients its enterprise-class software in a simple and secure OnDemand/SaaS platform.  With a proven track record and a commitment to customer success, BlackLine seeks to reduce the burden the financial close places on accounting and finance professionals. 

BlackLine headquarters are in Los Angeles, with offices in Atlanta, Chicago, London, Melbourne, New York City and Sydney to serve the company’s growing global client base.










About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY