SAS 70 & Why a Readiness Assessment is Crucial
SAS 70 audits are everywhere these days or so it seems. Since the auditing standards inception in 1992, it has been widely used for assessing a service organization’s internal controls. The astonishing growth of the auditing standard has really been within the last 5 years, due in large part to the growth of regulatory compliance requirements and legislation, such as sarbanes-oxley.
Thus, if you are a service organization and are required to be SAS 70 Type I or SAS 70 Type II compliant, then a SAS 70 readiness assessment is where you need to begin. Jumping right into a Type I or Type II audit is not recommended for first timers. Take the time to conduct a readiness assessment for helping understand the true scope, time, and resources needed to successfully complete a SAS 70 Type I or Type II audit.
A well-planned SAS 70 readiness assessment, with guidance and expertise provided by a CPA firm specializing in SAS 70 audits should be comprehensive in nature and cover all major areas, such as the following:
- Organization and Administration-Executive Tone & Human Resources
- Incident Management
- Change Management
- Logical Security
- Network Security
- Physical Security
- Environmental Security
- Computer Operations
- Business Continuity and Disaster Recovery Planning (BCDRP)
To learn more about SAS 70 Readiness Assessments and what SAS 70 really is, visit the official SAS 70 Resource Guide, where you can also receive a sample SAS 70 Type II audit report.
