What is SAS 70 Type II ?


SAS 70 Type II is the most widely recognized professional auditing standard. Developed by AICPA (American Institute of Certified Public Accountants), SAS 70 represents the professional guidelines that CPAs (certified public accountants) must follow when conducting audits. SAS 70 Type II compliance signifies the most stringent form of professional examination. An audit based on this level of compliance certifies that a hosting provider has had its control objectives and activities examined by a qualified independent accounting and auditing firm. SAS 70 Type II adherence demonstrates that a provider maintains adequate processes and safeguards when it hosts or processes customer data. An SAS 70 Type II audit is a major undertaking for any hosting provider, which has much to gain or lose depending on the audit’s outcome. Key areas of analysis include:

  • Computer and network operations
  • Network security
  • Business physical security
  • Datacenter physical security
  • Business-environment security
  • Datacenter-environment security
  • Logical security
  • Business continuity and disaster-recovery planning
  • Change management for applications and solutions
  • Executive and senior management
  • Decision-making processes
  • Human resources

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s