Posted by: Charles Denyer
regulatory compliance, SAS 70 Type I, sas 70 type ii, sas70
Does your organization need to be SAS70 compliant? If so, many people often ask me if they have to complete a SAS70 Type I audit before doing a SAS70 Type II audit. And the answer? Well, it all depends on a number of factors, such as: 1. Has your organization ever gone through a SAS70 audit before, if so when? 2. Are you required to be SAS70 Type II compliant or will a SAS70 Type I suffice for your client’s for this year? 3. What is your deadline for completing a SAS70 audit and when must it be presented to your clients or their auditors?
As you can see, there’s no quick black or white answer to the question. The most important to understand is what are the requirements that are being put on you by another entity for being SAS70 compliant. In essence, you should be able to answer the who, what, when, where and why within a relatively short period of time. You can also call a CPA firm that specializes in SAS70 audits to help answer these questions for you.
If you want to learn more about SAS70 audits, then visit the official SAS70 Resource Guide, where a wealth of information awaits you on SAS70 audits.