Stafford Associates Computer Specialists, Inc. understands the importance of being SAS 70 compliant. We want our customers to know they can trust Stafford to provide a data center facility that meet the most rigorous controls standards and best practices in the industry.
What is SAS 70?
SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SAS 70 is an acronym for 'Statement of Auditing Standards.'
Is SAS 70 a New Standard?
No. The SAS 70 was adopted by the American Institute of Certified Public Accountants (AICPA) as a standard in 1992. Increased outsourcing and the visibility of control requirements introduced in the Sarbanes-Oxley Act of 2002 have fueled a renewed interest in SAS 70.
What Type of Service Companies Are Candidates for SAS 70 Reviews?
Any company that provides the following services to another organization:
Executes and maintains accountability of transactions
Records transactions and processes information
Impacts the client's financial reporting
Typical service companies include application service providers, claims processors, clearinghouses, credit processing companies, and data center hosting facilities.
Why is SAS 70 Certification Important to Your Business?
A SAS 70 audit independently verifies the validity and functionality of a data center's control activities and processes. These control activities and processes are especially important to customers within the healthcare, insurance and financial markets, as well as to publicly traded companies who must validate the security of their financial and sensitive information controls.
Once SAS 70 Certification is Given, Are Future Audits Required?
Yes. Annual data center audits are performed to not only verify that procedures are in place and effective, but that they are maintained.
Is Stafford Associates Data Center, Inc. SAS 70 Certified?
Stafford received its SAS 70 Type II compliance in March, 2010.
Describe SAS 70 Type I and Type II Certifications?
Type I includes an opinion written by the service auditor. Type I reports describe the degree to which the data center fairly represents its services in regards to the operational controls that have been implemented to meet set objectives.
Type II reports are similar to Type I. However, an additional section is added which includes the service auditor's opinion on how effectively the controls operated during the defined period (usually six months but can be longer) of the review.
(SAS) No. 70 Compliant:
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
SAS 70 FAQS Frequently asked questions regarding SAS 70
PCI DSS Compliance Services:
The Payment Card Industry's Data Security Standard (PCI DSS )is widely regarded as an essential part of conducting business securely on the Web, so it is important to make sure the Internet Service provider you choose is up to the protocols before you go live with any payment acceptance. PCI DSS Compliance standards have grown more demanding in recent years and Stafford Associates can help you comply with every part of the PCI DSS Compliance code. At Stafford Associates, we have extensive experience working with clients to meet the most demanding security standards.
As a result, Stafford Associates has developed a wide range of services to meet the needs of the regulated marketplace including regulated and managed hosting services, application development, and PCI DSS Compliance consulting services.
