Statement on Auditing Standards (SAS) No. 70, Service Organizations (SAS 70)
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
A service auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") represents that a service organization has been through an in-depth audit of its control objectives and control activities, which often include controls over information technology and related processes.
There are two types of SAS 70 reports.
A Type I SAS 70 report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed into operation and the functionality of the controls to achieve the specified control objectives.
A Type II SAS 70 report includes the information contained in a Type I service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review.
SAS 70 has grown increasingly popular with the implementation of the Sarbanes-Oxley Act (usually referred to as Sarbox or Sox). The Act adds to the importance of SAS 70 as a resource for showing the effectiveness of a service organization's internal controls and data security safeguards.
(SAS) No. 70 Compliant:
In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
PCI DSS Compliance Services:
The Payment Card Industry's Data Security Standard (PCI DSS) is widely regarded as an essential part of conducting business securely on the Web, so it is important to make sure the Internet service provider you choose meets the standard before you go live with any payment acceptance. PCI DSS compliance standards have grown more demanding in recent years, and Stafford Associates can help you comply with every part of the PCI DSS compliance code. At Stafford Associates, we have extensive experience working with clients to meet the most demanding security standards.
As a result, Stafford Associates has developed a wide range of services to meet the needs of the regulated marketplace, including regulated and managed hosting services, application development, and PCI DSS compliance consulting services.