Sister CISA CISSP

Jun 12 2008   7:18PM GMT

SAS 70 Reports – Are They Worthwhile?

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

I noticed a recent post on the boards questioning the value of SAS 70 Reports. Given that I do about 15 a year, I thought I’d venture an answer to that question.

First, it’s important to understand what a SAS 70 is NOT:

It’s not a checklist;

It’s not a certification;

It’s not a security assessment;

In fact, it doesn’t do a thing for your network security, except, perhaps, inadvertently. It does not directly attest to the quality of your network security, either; that’s not its’ function.

And only a certified public accounting firm can do one, because a certified public accountant must sign off on the report.

So what CAN such a report do for your organization, and why? Are your customers constantly asking for one? Are you losing business because you don’t have one?

That’s next.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: