What Is SAS 70 Compliancy?

The SAS 70 audit minimizes the need for multiple sets of auditors to separately examine the same set of controls that govern a third party’s services. “SAS” is an acronym for Statement on Auditing Standards, which are standards issued by the American Institute of Certified Public Accountants. These standards provide guidance to external auditors on Generally Accepted Auditing Standards (GAAS) in regards to auditing an entity and issuing a report. There are more than one hundred such standards in existence.
SAS No. 70 is titled “Reports on the Processing of Transactions by Service Organizations”. “SAS 70″, as it is commonly known, defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report, which is referred to as a SAS 70 audit report.

Why is SAS 70 Type II Compliance Important?

In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.

In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting. The SAS 70 audit independently verifies the validity and functionality of a Data Center’s control activities and processes.

These control activities and processes are important to customers within the financial , healthcare, and insurance sectors, as well as to publicly traded companies who must validate the security of their financial and sensitive information controls. A yearly audit is performed to not only verify that procedures are in place and effective, but that they are maintained.