What is SAS 70?
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes.
There are two types of service auditor reports.
A Type I service auditors report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed into operation and the functionality of the controls to achieve the specified control objectives.
A Type II service auditors report includes the information contained in a Type I service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review
Why is SAS 70 Type II Compliancy Important?
In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
The SAS 70 audit independently verifies the validity and functionality of a Data Center's control activities and processes. These control activities and processes are important to customers within the financial , healthcare, and insurance sectors, as well as to publicly traded companies who must validate the security of their financial and sensitive information controls. A yearly audit is performed to not only verify that procedures are in place and effective, but that they are maintained.
Intelishift is able to provide customers with documentation of the SAS 70 Type II Compliancy. This not only saves valuable time and money for customers needing to meet SAS70 compliancy standards, but also in reaching PCI Compliance Standards as well.