ips

What is SAS 70?
The SAS 70 (Statement on Auditing Standards No. 70) is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SAS 70 audits examine a service organization’s control objectives and control activities, often including controls over information technology and related processes. By getting a SAS 70 audit from an independent auditor, a service organization can demonstrate that they have sufficient safeguards and controls when hosting or processing their customers’ data. This assurance helps to build customers’ confidence and trust in the organization. SAS 70 audit reports are particularly important to the process of reporting on the effectiveness of internal control over financial reporting as a result of the requirements of Section 404 of the Sarbanes-Oxley (SOX) Act of 2002.

Who must comply?
The SAS No. 70 applies to service organizations and service providers. Service organizations include application service providers, data centers, claims processing centers, bank trust departments, third party administrators, or other data processing service bureaus.