Third party services and SAS70 audit - SAS 70

Register

Forgot Password

Site FAQ

Home > IT Blogs > SAS 70 > Third party services and SAS70 audit

>>VIEW ALL POSTS

SAS 70

Dec 9 2008 1:16AM GMT

Third party services and SAS70 audit

Posted by: sas70expert

Third-party services, Management, SAS 70

During a SAS 70 audit, an auditor may examine any relationships with third parties. Any third party agreements or service level agreements should contain:

1. procedures to protect all outsourced data, applications or hardware

2. a description of the services provided and the target level of services

3. the establishment of an escalation process should an incident occur

4. the right to audit and determine that they are adhering to your agreement

5. the respective liabilities of both parties should an incident occur.

During a SAS70 audit, you have a choice to exclude your outsourced services or include them in the examination. I would recommend you include them, especially if they are essential to the services you are providing to your customers. SAS70ExPERT@gmail.com

Comment

RSS Feed

Email a friend

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

SAS 70

Third party services and SAS70 audit

Comment on this Post

About the Blogger

sas70expert

Browse This Blog's Tags

Archives

Blog Roll

Subscribe to Alerts