Frequently Asked Questions:
Leach Bliley (GLBA) and SAS 70 | Privacy and Safeguards Rule
SAS 70 audits are conducted on a wide variety of service organizations in today's ever-growing regulatory compliance arena. The advent of Sarbanes-Oxley (SOX), along with HIPAA and other notable pieces of compliance legislation, has pushed SAS 70 audits into the business spotlight, to say the least.
Though Sarbanes-Oxley (SOX) and HIPAA get much of the credit for the overall growth of SAS 70 audits, the Gramm-Leach-Bliley Act, commonly known as GLBA, has also contributed significantly to the rise of SAS 70 Type I and SAS 70 Type II audits.
The tremendous growth in regulatory compliance laws and regulations has had a profound impact on SAS 70 audits, with financial institutions now requiring their third-party service organizations to be SAS 70 compliant. Because of the requirements set forth in GLBA, specifically within the Financial Privacy Rule and the Safeguards Rule, banks and other organizations identified as "financial institutions" must ensure that their outsourced providers are compliant within the framework of GLBA. Given increasing concerns about the privacy and protection of consumer data, SAS 70 audits will therefore continue to be a very important component of GLBA compliance for financial institutions and their third-party outsourcers.
As a result, service organizations will face additional regulatory compliance costs and will need to communicate with all parties (auditors, financial institutions, and the intended users of the report) when preparing for and assisting with SAS 70 compliance, particularly on notable issues such as the cost, scope, and timeframe of the SAS 70 Type I or Type II audit.
