05-11-09 | Blog Post
Update: SAS 70 reports only on controls related to financial reporting. If you need assurance of controls directly related to data centers, including privacy, security and availability, look for a SOC 2 report.
SAS 70 was replaced by SSAE 16 in June 2011.
Online Tech and UHY have partnered on a seminar, aimed at CIOs and IT Directors of publicly held companies or firms servicing publicly held companies, on how to survive a SAS-70 audit.
SAS-70 is a nationally recognized audit standard for evaluating process and security control procedures across the data center. A SAS-70 audit is done by a CPA firm and a data security expert with experience in data center and network security.
Certain types of data, by regulation, require a SAS-70 audit. Specifically, Sarbanes-Oxley calls for testing of internal IT controls that relate to financial reporting, even for outsourced IT functions. HIPAA also has specific data handling controls that can be confirmed with a SAS-70 audit report. PCI and CISP compliance can be more easily accomplished by starting with a SAS-70 audit.
Online Tech has thrived through a number of SAS-70 audits. They recently completed an audit on all their data centers and have helped a number of colocation and dedicated server clients survive their own SAS-70 audits. It’s these experiences, from both the auditee’s and the service provider’s perspective, that have helped identify the five key elements for not only surviving a SAS-70 audit, but thriving as a result of the audit.
Join Yan Ness, Chief Executive Officer of Online Tech, and Angela McBride, Principal, UHY, LLP, as they share the “auditee” and the “auditor” views of the SAS-70 audit process and tips for successfully surviving the audit.