SAS 70

Oct 21 2008   12:07AM GMT

Access Rights and SAS70 audit

Keith Harrell Profile: SAS70ExPERT


Access rights for current employees are essential for the completion of a successful audit. Your company should have a hiring and firing policy that is followed to the letter of the law. When an employee is hired or fired they should have an authorization process to add or delete from company systems or applications. It is essential that you educate your current employees, contractors, an third party users on this process on a continual basis.


Your company should company not only operating systems or applications, but physical access to company assets. Shared passwords or usernames should be immediately deactivated once an employee or third party leaves. When developing a policy for hiring or terminating consider:


1.       whether the termination or change of employment will be initiated by your or a third party

2.       the current responsibilities of the employee

3.       the value of the company assets or data that the employee has access too.


Without a good termination policy or checklist, you will have exceptions within your SAS 70 audit.


 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: