White Papers provided by the SAS 70 Resource Guide
Start your Audit with a SAS 70 Readiness Questionnaire
If your organization is currently looking to become SAS 70 Type I or Type II compliant in the near future, then a great way to gear up and get prepared for the audit is to obtain SAS 70 readiness questionnaire templates. These templates will help guide you through the SAS 70 process, detailing what areas of your organization fall under the audit scope and what type of documentation you will need to provide auditors for the audit itself.
The SAS 70 readiness questionnaire templates are also a great way to identify any deficiencies within your control environment. For example, while going through the questionnaire that deals specifically with Network Security, you may discover that your organization lacks documented policies and procedures, such as an I.T. security handbook. If so, you've identified a deficiency which would need to be remediated before the audit. It's just a simple example of how the sas 70 readiness questionnaire templates prepare you for the audit, allowing you to be proactive and identify issues BEFORE the audit, not during the audit process.
The SAS 70 readiness questionnaire templates and forms cover the following areas for ensuring your audit success:
· Organization and Administration-Executive Tone
· Organization and Administration-Human Resources
· Quality Assurance
· Systems Development Life Cycle (SDLC)
· Incident Management
· Change Management
· Logical Security
· Network Security
· Physical Security
· Environmental Security
· Computer Operations
· Business Continuity and Disaster Recovery Planning (Optional, not a SAS 70 requirement as put forth the AICPA that “plans” are not “control objectives”)
Additionally, you can request specific sas 70 readiness questionnaire templates and forms for specific industry requirements. For example, if you are a TPA, you can obtain specific readiness questions on plan administration. If you are a data center, you can obtain specific questions on provisioning of client managed services.
If you would like to receive the SAS 70 readiness questionnaire templates and forms, please email us at firstname.lastname@example.org.
Additionally, if you are interested in viewing SAS 70 sample reports, please visit the official SAS 70 Resource Guide and you will be emailed a complimentary Type II audit report.