Overview


SAS 70 (the Statement on Auditing Standards No. 70) defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization. Service organizations, such as hosted data centers, insurance claims processors and credit processing companies, provide outsourcing services that affect the operation of the contracting enterprise.

The SAS 70 was developed by the American Institute of Certified Public Accountants (AICPA) as a simplification of a set of criteria for auditing standards originally defined in 1988.Under SAS 70,auditor reports are classified as either Type I or Type II. In a Type I report, the auditor evaluates the efforts of a service organization at the time of audit to prevent accounting inconsistencies, errors and misrepresentation. The auditor also evaluates the likelihood that those efforts will produce the desired future results. A Type II report includes the same information as that contained in a Type I report; in addition, the auditor attempts to determine the effectiveness of agreed-on controls since their implementation. Type II reports also incorporate data compiled during a specific time period, usually a minimum of six months.

SAS 70 reports are commissioned at the request of either a service organization (the company) or the user organization (customers). It is in the service organization's best interests to provide consistent service auditor's reports. Positive independent reports build a customer's trust and confidence in the service organization and satisfy any concerns. Furthermore, Type II reports identify any operational areas that need improvement. A lack of current reports, on the other hand, may generate multiple audit requests from the user organization and these audits can be costly for the service organization.

Valency Networks has helped many firms to become compliant towards SAS-70 certification. Our technically strong auditor’s also possess extensive knowledge in the field of implementing and recording security controls, which is an essential step towards SAS-70 certification.


IT Audit Services

Features

Process

Benefits

FAQ

Related Links

A typical website penetration testing service comprises of simulation of real life hacking methodologies. It encompasees various security attack vectors and exploitation of potential vulnerabilities. Read More
We follow a systematic and yet agile approach to test website security. This helps our customers gain an extremly accurate and elaborate results along with a knowledge base and years of experience on the subject matter.Read More
Security testing is a continuous improvement process to get benefited in terms of increasing ROI (Returns On Investment). Benefits of a pen-test are short term as well as long term. Read More
Here is a list of typical questions which are in the minds of those who wish to leverage our services. If you see more information, feel free to contact us. Read More
Please see a list of key vulnerabilities which must be tested while performing a website or webportal penetration testing. Read More

Testimonials