SAS 70 Reports - Are They Worthwhile? - Sister CISA CISSP

Sister CISA CISSP

Jun 12 2008   7:18PM GMT




Posted by: Arian Eigen Heald
Compliance, IT audit, Admins and Auditors, SAS 70

I noticed a recent post on the boards questioning the value of SAS 70 Reports. Given that I do about 15 a year, I thought I’d venture an answer to that question.

First, it’s important to understand what a SAS 70 is NOT:

It’s not a checklist;

It’s not a certification;

It’s not a security assessment.

In fact, it doesn’t do a thing for your network security, except, perhaps, inadvertently. It does not directly attest to the quality of your network security, either; that’s not its function.

And only a certified public accounting firm can do one, because a certified public accountant must sign off on the report.

So what CAN such a report do for your organization, and why? Are your customers constantly asking for one? Are you losing business because you don’t have one?

That’s next.
