 | ||||
575 University Avenue
Norwood, MA 02062
Any Document.
Anywhere.Anytime.Any Document.
Anywhere.Anytime.781-762-5800
We Listen.
We Understand. We Deliver.We Listen.
We Understand. We Deliver.Concerned About the Security of Your Documents?
SOURCECORP's SAS70 certification sets us apart from any other document management
company in our industry. If you are concerned about the security and protection of your paper documents and the confidential information contained in the files, why would you trust your information with anyone else.
What is a SAS70 Certification?
SAS70 is an acronym for Statement on Auditing Standard 70; it was developed and is maintained by the AICPA (American Institute of Certified Public Accountants). Specifically, SAS70 is a "Report on the Processing of Transactions by "Service Organizations" where professional standards are set up for a service auditor that audits and assesses internal controls of a service organization. At the end of the audit, the service auditor issues an important report called the "Service Auditor's Report".
A service organization can be defined as a business or entity that provides outsourcing services. These outsourcing services can and in most cases do impact the control environment of customers. Some of the many types of service organizations can be insurance claim processors, data centers, credit processing companies, and clearing houses.
It should be noted that SAS70 is not a barebones checklist audit; it is an extremely thorough audit that is used chiefly as an authoritative guidance. In today's market, it is a very helpful and substantial audit that shows transparency to the businesses that a service organization works with. In addition, it shows the service organizations prospective clients that the service organization has been thoroughly checked and deemed to have satisfactory controls and safeguards either when hosting specific information or processing information such as data belonging to customers that they do business with.
SAS 70 has grown increasingly popular with the implementation of the Sarbox Act. The Sarbanes-Oxley Act (usually referred to as Sarbox or Sox) adds importance in implementing SAS70 as an important resource to show the effectiveness of a service organization's internal controls and data security safeguards.
What are the Types of SAS70 Reports?
It should be noted that there are two different types of SAS70 reports. The first type commonly referred to as Type I includes an opinion written by the service auditor. Type I reports describe the degree in which the service organization fairly represent its services in regards to controls that have been implemented in operations and its inherent design to achieve objectives set forth.
Type II reports are similar to Type I, however an additional section is added, the additional section includes the service auditor's opinion on how effective controls operated under the defined period during the review (usually the defined period is six month, but can be longer).
You should note that there is a substantial difference between the Type I and Type II reports Type II reports are more through, because the auditors gives an opinion on how effective the controls operated under the defined period of the review. Type I only lists the controls, but Type II tests the efficacy of these controls to reasonably assure that they are working correctly. Because Type II reports require a much more thorough audit they are usually much more expensive.
What Does SAS70 Mean to You?
SAS70 Reports are extremely advantageous to user organizations because they can assess a service organizations controls and safeguards. Reports that user organizations receive are full of details describing the service organizations specific controls and in the case of Type II reports, whether the controls and safeguards are effective.
SAS70 Reports are an important tool for the user organizations' auditors; it is mostly used when planning financial statements for the user organization. Not only does the SAS 70 Report provide important information, but can also off set costs for the organization due to the fact that they will no longer have to send their own auditors to audit the service organization.
Copyright 2007 SOURCECORP
All Rights Reserved
Software Solutions
Departmental Solutions
SCANNING SOFTWARE
DOCUMENT RETRIEVAL
WEB BASED SYSTEMS
WORKFLOW SOFTWARE
AUTOMATIC FILE MGR
DATA ARCHIVING
EMAIL ARCHIVNG
INVOICE PROCESSING
RECORDS MANAGEMENT
