Does your organization provide an outsourced service? If so, does it touch or interact with that organization’s data? If you answered yes to both these questions, then you may need to under go an independent audit or audits to demonstrate that your organization has sufficient security controls in place.
One such audit is Statement on Standards for Attestation Engagements No. 16 (SSAE 16). At its core, an SSAE 16 audit is a means through which your organization can demonstrate the levels you go to protect the sensitive data of your customers
SAS 70 (Statement on Auditing Standard 70) Report is a “Report on the Processing of Transactions by Service Organizations”. The SAS 70 is a professional standard for a service auditors that audit and assesses internal controls of a service organization. At the end of the audit, the service auditor issues a report called the “Service Auditor’s Report”. Intersec Worldwide can perform this service for you and prepare your Audit Report.
There are two types of SAS 70 Reports:
SAS 70 Type 1 audit report is an audit that describes the situation on a specific date. Similar to the way a balance sheet depicts a company’s financial condition on a specific date.
SAS 70 Type II audit report is a report that tests the operating effectiveness of those controls over certain period of time; typically six (6) months. Similar to the way an income statement depicts a company’s financial condition over a period of time. This audit fulfills the requirements for Sarbanes Oxley compliance.