As more outsourcing of applications takes place in this economy by using SaaS(software-as-a-service), is Management producing costs savings? and how many SAS70’s will you be required to collect? From the Data Center operations, the IT support vendor, and the application provider?
When you perform your cost-benefit analysis items to consider are
- Who will benefit from access control for your application
- From where will your visitors/employees/customers be connecting to your information, vpn network, cellphone or pda, or other web enabled device
- Obtain more control over your licensing costs
As you develop a strategic plan to use SaaS, build fundamental close relationships with your vendors and define them carefully in your contracts. Constantly update your contracts or service level agreements to match your needs and develop tools to monitor the success of your vendor meeting your requirements.
SAS70 must be performed on your SaaS vendor to provide you with the reliability, confidentiality and integrity of service to be provided to you and your customers. Control objectives may be similar or different, but careful examination of the audit report should be performed in order to determine that your data is secure. SAS70ExPERT.biz