BlackLine Systems Completes SOC 2 Type 2 and SOC 3 Security and Availability Audit Achieving Stringent New AICPA Standards

SOC 2, SOC 3 audit 1st for account reconciliation, financial close software; 3rd-party validation from Moss Adams ensures highest level of security, effective controls in place for BlackLine Financial Close Suite clients

LOS ANGELES – May 6, 2013 – Four years after becoming the first account reconciliation/financial close software provider to successfully complete a SAS 70 (now Statement on Standards for Attestation Engagements No. 16 or SSAE 16 SOC 1) audit, the internationally recognized standard developed by the American Institute of Certified Public Accountants (AICPA) to set guidelines for auditors to use in order to objectively assess the internal controls of service organizations, BlackLine Systems is now also first in its space to successfully complete a SOC 2 Type 2 examination – adding even greater focus on controls related to the security and availability of the BlackLine Financial Close Suite, and demonstrating the operating effectiveness of these controls over the entire period of the audit.

“In today’s global economy, service providers must prove that they have sufficient controls and safeguards in place when they host or process data belonging to their customers. Using a provider like BlackLine, that has met the requirements and criteria of the SOC 2 Type 2 examination, should be a non-negotiable factor,” said Chris Kradjan, a partner with Moss Adams LLP, the tax, accounting and consulting firm that conducted the BlackLine audit. “The SOC 2 Type 2 audit sets providers like BlackLine apart from the rest.”

Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization designed to provide valuable information to help users assess and address the risks associated with an outsourced service. BlackLine also has obtained a follow-on SOC 3 report based on the same security and availability principles covered in the SOC 2 audit. The SOC 2 and 3 reports are based on Trust Services Principles (TSP) which are designed to provide customers with assurance that a provider’s technology, systems and controls provide security, availability, confidentiality, processing integrity and/or privacy in accordance with the AICPA TSP 100 and AT section 101 of the AICPA attestation standards.

Moss Adams’ most recent audit of BlackLine reaffirms the company’s commitment and adherence to stringent, third-party requirements and processes surrounding its flagship financial close Software-as-a-Service (SaaS) suite.

“Choosing a service provider that adheres to auditing standards set forth by the AICPA is becoming increasingly important as more companies move to SaaS where sensitive corporate data is hosted by third parties,” added Kradjan. “This is especially important for large public and global companies that have sensitive information hosted offsite and that have to comply with Sarbanes-Oxley or other international reporting regulations.”

In the case of BlackLine, both the BlackLine application and data center/hosting provider have gone through their own respective, successful Type 2 audits. Furthermore, the scope of the BlackLine audit includes control objectives involving organization and administration, physical and environmental controls, logical security, system development, client implementation, data integration, system availability and disaster recovery.

“Having a third party come in and conduct these important audits each year confirming the operating effectiveness of our security and availability reinforces that BlackLine is offering clients an enterprise-class SaaS application,” Mario Spanicciati, executive vice president of operations and executive director of EMEA, BlackLine Systems, said. “Moss Adams’ stamp of approval is further testament to our commitment to deliver the highest level of services in an effort to provide a reliable, secure, high performance application to our growing global client base.”

In conjunction with its existing SOC 1 Type 2 audit report, BlackLine also has successfully completed an International Standard on Assurance Engagements No. 3402 (ISAE 3402) examination using the standards set forth by the International Auditing and Assurance Standards Board (IAASB). The ISAE 3402 audit shows that BlackLine has system controls in place and operating effectively in compliance with international standards.

For more information on SOC audits and reports, visit the AICPA.


Ashley Dyer

Public Relations Director

P. 818.936.7166