SOX and Managed Hosting

0 pts.
Tags:
SOX compliance
If I want to be SOX compliant and my company uses a managed hosting company for our servers, what requirements do I expect the managed hosting company to emplore for me to be SOX compliant.
ASKED: October 30, 2007  5:36 PM
UPDATED: February 20, 2009  3:20 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Your hosting company will need to provide either a SAS70 or Systrust certification. If they don’t have one, discuss the situation with your auditors. The auditors advice may be non-specific, but essentially tell you that your hosting environment is under scrutiny for lack of controls. You, as the owner of the data, will need to show how you control your data, and that necessary mitigating controls are in place to handle the lack of procedures at your hosting center. It’s a bit of extra work to do so, but the cost/benefit is basically around:

cost of datacenter with SAS70/Systrust vs. cost of you writing the docs and staying where you are at. An oversimplification is to choose whichever is cheaper and less disruptive to your business.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following