SSAE 18: Why it’s critical in selecting a technology partner
How do your technology partners show that you can trust them? Ask for their SSAE 18 documentation.
Earlier this month, we welcomed Zerrick Pearson, the The VP of Technology at Five Guys, and Tamy Duplantis, the President of Return on Information Consulting, to join us in a panel at the 2019 Food Service Technology (FSTEC) show to discuss what to look for when selecting a technology partner.
Ultimately, there are a number of questions you should ask, including whether you can scale with the partner's technology or if they'll provide a strong return on investment. But perhaps the most important - and often overlooked - question is whether you can trust that the partner runs their business infrastructure according to best practice determined by SSAE. SSAE stands for Statement on Standards for Attestation Engagements, which is overseen by The American Institute of Certified Public Accountants (AICPA) and more specifically the Auditing Standards Board (ASB).
Trust is an increasingly critical component of a technology partner relationship as data becomes more complex and system hacking processes become more sophisticated. Even if you initially trust a potential tech provider (which you would likely have to in order to entertain a partnership with them) that trust has to be maintained over time. Moreover, a breach of trust isn’t always the result of malicious intent. Some tech companies may want to do the right thing, but rapidly evolving data sets mean more risks enter the data management process all the time. That's why SSAE 18 is so important.
Trust is an increasingly critical component of a technology partner relationship, as data becomes more complex and system hacking processes become more sophisticated.
What is SSAE 18?
SSAE 18 and their supporting System and Organization Controls (SOC) documentation is the new standard for service providers managing client information. In 2016, the AICPA decided it had to standardize attestation criteria. It replaced SSAE 10 through 17 and required service auditors to enhance their risk assessment procedures around the reported subject matter. This new standard was required for all SOC reports issued after May 1, 2017.
So what does this mean for restaurant companies? Essentially, since data is becoming more complex and thus risks are increasing concurrently, there should be a higher set of standards for service providers that are entrusted to manage customer data. In basic terms, it's harder for technology partners to maintain your trust, so that's why they have to follow a higher form of standards. In doing so, you can trust that they will properly manage your information to the highest set of standards required of them.
Why SSAE 18 is Important in Selecting a Restaurant Technology Partner
SSAE 18 was a major topic of conversation when CrunchTime Founder and President Bill Bellissimo sat down with Zerrick and Tamy at FSTEC 2019. Both are long-time veterans of the restaurant industry and understand that the growing volume of data in restaurants means tighter protections from service providers are required.
They agreed that SSAE 18 compliance is one of the first things they look for when selecting a technology partner. Not only does it answer the critical question of trust, it speaks to how they operate, which can help determine the quality of service they'll provide their customers.
“One of the levers we can use to speed up the tech partner selection process is the ability to collect their recent SSAE 18 which provides a comprehensive evaluation of their technology backbone, security, business continuity, and processes," says Duplantis, who consults restaurants on technology partner investments. "It would take weeks to perform all that work. Plus the SSAE 18 is an equalizer based on standard metrics."
Ask Your Tech Partners for Their SSAE 18 Report Today.
You have a lot to think about as you operate restaurants. Wondering whether your tech partners and vendors have the infrastructure in place to be trusted with your company's data should not be keeping you up at night. When your technology partner is in compliance with SSAE 18 standards, a trusting and beneficial partnership can emerge.
# # #