Compliance Assessment

DQS Certification India provides compliance assessment services for SSAE 18 and CMMC Standards.

SSAE 18 Assessment

SSAE 18 Assessment is required for organizations (Service Organization) performing outsourcing services which affect the financial statements of their clients (User Organization).

For Example if you are an organization providing below mentioned services you may be asked to provide a SSAE 18 Type-II Audit Report Signed by CPA registered in USA.

  • Software as a Service
  • Payroll Processing and Accounting Servicing
  • Data Centre Services, etc.

Statements on Standards for Attestation Engagements 18 (SSAE 18)

What is CMMC?

CMMC (Cyber Maturity Model Certification) is a certification process developed by DOD (Department of Defense, USA) for its Contractors to ensure that they have the system for protection of sensitive data including Federal Contract Information and Controlled Unclassified Information.

CMMC Model is based on the best-practices of different cyber security standards i.e. NIST 800 Standards, Federal Regulations, Defense Federal Acquisition Regulations Supplement (DFARS), UK’s Cyber Essentials and Australia’s Essential Eight. The CMMC New Draft Version.7 was released on 6 December 2019.The Final Version 1.0 is expected to be released in January 2020.

 Latest Update:

The CMMC Model Version 1.0 will be released in January 2020 with clarifications. Regarding Certification under this model currently DOD is developing the process of Accreditation. An RFI was brought out regarding this in previous months. Once the process of Accreditation will be finalized, an RFP for Accreditation Board selection will be brought out. After that the Accreditation Board will be selected. Then, the Accreditation Board will select the process for Third Party Accreditation Organization [TPAO]. This is expected to be complete by June 2020. Further details can be obtained from the FAQ’s on the website of Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification.


  • Information collected from Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification and compiled by the author.
  • Further Information can be taken from
  • Copyright Carnegie Mellon University and Johns Hopkins University Applied Physical Laboratory LLC.

SAS70 – Statement on Auditing Standard 70