SAS 70

Dec 9 2008   1:16AM GMT

Third party services and SAS70 audit

Keith Harrell Profile: SAS70ExPERT

During a SAS 70 audit, an auditor may examine any relationships with third parties.  Any third party agreements or service level agreements should contain:

 

1.       procedures to protect all outsourced data, applications or hardware

2.       a description of the services provided and the target level of services

3.       the establishment of an escalation process should an incident occur

4.       the right to audit and determine that they are adhering to your agreement

5.       the respective liabilities of both parties should an incident occur.

 

During a SAS70 audit, you have a choice to exclude your outsourced services or include them in the examination. I would recommend you include them, especially if they are essential to the services you are providing to your customers. SAS70ExPERT@gmail.com

 

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: