SAS 70 Compliant Data Center
What is SAS 70?
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
A service auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") represents that a service organization has been through an in-depth audit of its control objectives and control activities, which often include controls over information technology and related processes.
In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
There are two types of SAS 70 reports.
A Type I SAS 70 report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed into operation and the functionality of the controls to achieve the specified control objectives.
A Type II SAS 70 report includes the information contained in a Type I service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review.
SAS 70 has grown increasingly popular with the implementation of the Sarbanes-Oxley Act (usually referred to as Sarbox or SOX). The Act makes SAS 70 more important as a resource for showing the effectiveness of a service organization's internal controls and data security safeguards.
SAS 70 FAQ
Stafford Associates Computer Specialists, Inc. understands the importance of being SAS 70 compliant. We want our customers to know they can trust Stafford Associates to provide a data center facility that meets the most rigorous controls standards and best practices in the industry.
What is SAS 70?
SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SAS is an acronym for 'Statement on Auditing Standards.'
Is SAS 70 a New Standard?
No. SAS 70 was adopted by the American Institute of Certified Public Accountants (AICPA) as a standard in 1992. Increased outsourcing and the visibility of control requirements introduced in the Sarbanes-Oxley Act of 2002 have fueled a renewed interest in SAS 70.
What Type of Service Companies Are Candidates for SAS 70 Reviews?
Any company that provides the following services to another organization:
- Executes and maintains accountability of transactions
- Records transactions and processes information
- Impacts the client's financial reporting
Typical service companies include application service providers, claims processors, clearing houses, credit processing companies, and data center hosting facilities.
Why is SAS 70 Compliance Important to Your Business?
A SAS 70 audit independently verifies the validity and functionality of a data center's control activities and processes. These control activities and processes are especially important to customers within the healthcare, insurance and financial markets, as well as to publicly traded companies who must validate the security of their financial and sensitive information controls.
Once SAS 70 Compliance is Verified, Are Future Audits Required?
Yes. Annual data center audits are performed to verify not only that procedures are in place and effective, but also that they are maintained.
Is Stafford Associates Data Center, Inc. SAS 70 Compliant?
Stafford Associates received its SAS 70 Type II compliance in March 2010.