Sister CISA CISSP

Jun 12 2008   7:18PM GMT

SAS 70 Reports – Are They Worthwhile?



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, SAS 70

I noticed a recent post on the boards questioning the value of SAS 70 Reports. Given that I do about 15 a year, I thought I’d venture an answer to that question.

First, it’s important to understand what a SAS 70 is NOT:

It’s not a checklist;

It’s not a certification;

It’s not a security assessment;

In fact, it doesn’t do a thing for your network security, except, perhaps, inadvertently. It does not directly attest to the quality of your network security, either; that’s not its function.

And only a certified public accounting firm can do one, because a certified public accountant must sign off on the report.

So what CAN such a report do for your organization, and why? Are your customers constantly asking for one? Are you losing business because you don’t have one?

That’s next.
