Regulatory Compliance, Governance and Security:

Software as a Service

May 13 2009   7:44PM GMT

SAS 70 Audits for Data Centers | It’s a “SaaS”y Environment



Posted by: Charles Denyer
Compliance, sas 70 and SaaS, Software as a Service, SOX, charles denyer, data centers, managed services, colocation

SAS 70 audits are being performed at a record pace these days on data centers, managed service providers and co-location entities. The big question is why? Well, there are many general answers that we all hear, such as “Oh, it’s just today’s compliance environment” or “SOX has really affected our business”.

Sure, these statements are somewhat boilerplate, but they are true.

Dig a little deeper, though, and you will find that a large number of entities now operate under a Software as a Service (SaaS) model, which has driven explosive growth for many data centers. Companies with a SaaS business model are being hit quite hard by the SAS 70 compliance mantra from their clients, and the downstream effect is that data centers are now included in the audit scope of many SaaS entities. It is amazing what 2 to 3 years can do to the I.T. industry. I say this because it was not that long ago (2005 or so) that a large number of data centers were not SAS 70 compliant, and I argue that a big reason for this change has been that SaaS entities occupy racks and racks of space nowadays.

So there is your SAS 70 and SaaS connection.

But hey, as a SAS 70 Auditor, it’s just my opinion.

Aug 26 2008   8:05PM GMT

SAS 70 Audits & Software as a Service (SaaS) | Helpful Audit Tips



Posted by: Charles Denyer
Compliance, SaaS, Software as a Service, regulatory compliance, SAS 70, sas70, sas70 sample reports

The Software as a Service (SaaS) industry and SAS 70 audits actually have quite a bit in common. First and foremost, both the SAS 70 auditing standard and the SaaS industry have seen explosive growth in the past five years, thanks in large part to regulatory compliance and the advent of technology. Second, from a compliance standpoint, SaaS providers are increasingly being required to be SAS 70 Type II compliant.

The sheer nature of the SaaS industry has forced the SAS 70 auditing standard's requirements onto many SaaS providers. What's more, the SAS 70 audit, which may once have been perceived as a market edge or a compliance luxury, is now a must-have for SaaS providers, who otherwise risk losing potential clients and future prospects.

If you are an organization falling under the SaaS industry label, there are a few helpful things you can do to get ready for a SAS 70 audit:

1. Find a firm that truly understands the SaaS industry; it can be complicated due to the nature of the industry itself.
2. Find a firm that will give you a fixed fee for the audits. That's right, no need to pay additional out-of-pocket expenses to the auditor. Most reputable firms are now moving towards the fixed-fee mentality, so your checkbook should too.
3. Make sure you define the scope early with the CPA firm doing the audit. The SaaS industry has many providers and outsourcing entities that could potentially be in scope for the audit of your company. From data centers to external, third-party managed providers of security, you and the CPA firm need to nail down who and what is included in the scope. This will have a sizable impact on the time, fees, and man-hours needed to complete the audit.

To learn more about SAS 70 audits, visit the official SAS 70 Resource guide, where you can receive sample SAS 70 reports to view.