SAS 70 - Type II Audited
Why SAS 70 is important?
In 2007, CyberTrails successfully underwent its first SAS 70 - Type II audit and is committed to annual renewals going forward. The SAS 70 audit process was developed by the American Institute of Certified Public Accountants (AICPA) as an internationally recognized auditing standard for Service Organizations. Changes in the regulatory environment in recent years, including those brought about by the Sarbanes-Oxley Act, require companies to implement controls that ensure the reliability of their data. SAS 70 Type II examinations can help confirm that access to information is regulated internally and is limited by physical and logical controls. This report validates that CyberTrails' operational processes and controls meet high standards for the security and reliability of the systems managed on behalf of clients. The examination, conducted by an independent auditor, Lattimore Black Morgan & Cain, PC, includes design assessments and operating effectiveness tests of CyberTrails' policies and procedures, system availability, environmental controls, physical security, logical security, problem / incident management, and infrastructure change management.
To learn more about how your business can benefit from our SAS 70 Type II audit, call us toll-free at 888-462-9237, or email us at sales@cybertrails.net and provide your contact information and we will follow up with you.
What is SAS 70?
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
SAS No. 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format. The issuance of a service auditor's report prepared in accordance with SAS No. 70 signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. The service auditor's report, which includes the service auditor's opinion, is issued to the service organization at the conclusion of a SAS 70 examination.
(More at: http://www.sas70.com/)