Regulatory Compliance, Governance and Security

Aug 28 2008   1:07PM GMT

SAS 70 Audits for Data Centers & Managed Services

Charles Denyer Charles Denyer Profile: Charles Denyer

If you are a data center or manged services provider and need a SAS 70 audit, then here are some helpful tips and strategies for finding the right firm, getting a fair and equitable fee, and for ensuring you have the proper scope for the audit.

Today’s data center are complex entities, providing customers with a broad array of services, thus it’s important your SAS 70 report meets and exceeds the objectives of the audit for you and your customers.

1. First and foremost, find a CPA firm that specializes in not only SAS 70 audits, but one that has a strong understanding of the services offered by your organization. From ping, power, and pipe to highly complex managed services, it’s important to remember to keep all critical services within the scope of the audit.

2. Get a fixed fee for your audit. With the rising cost of expenses, such as gas, travel and other ancillary services ,getting a “fixed fee” for your SAS 70 audit ensures that costs are contained, and you have an exact idea of what you will be paying for the audit. SAS 70 audits that do not include expenses will ending costing data centers approximately an additional 20% or more over the original agreed fee. Hourly rates for auditing data centers should be considered a thing of the past-work hard to get a fixed. fee.

3. Scope the audit correctly by making sure the CPA firm conducting the SAS 70 audit includes the following areas for examination and testing:

  • Executive Tone
  • Human Resources
  • Customer Contract Process
  • Customer Provisioning Process
  • Incident Management
  • Change Management
  • Logical Security
  • Network Security
  • Physical Security
  • Environmental Security
  • Computer Operations

There also a number of Data Center best practices that should be in place for helping facilitate the overall success of the SAS 70 audit.

To learn more about SAS 70 audits or to receive a SAS 70 sample report, visit the official SAS 70 Resource Guide.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: