SAS 70

Nov 17 2008   11:23PM GMT

SaaS and SAS70 – SAS70ExPERT

Keith Harrell Profile: SAS70ExPERT

As more outsourcing of applications takes place in this economy by using SaaS(software-as-a-service), is Management producing costs savings? and how many SAS70’s will you be required to collect? From the Data Center operations, the IT support vendor, and the application provider?


When you perform your cost-benefit analysis items to consider are

  • Who will benefit from access control for your application
  • From where will your visitors/employees/customers be connecting to your information, vpn network, cellphone or pda, or other web enabled device
  • Obtain more control over your licensing costs

As you develop a strategic plan to use SaaS, build fundamental close relationships with your vendors and define them carefully in your contracts. Constantly update your contracts or service level agreements to match your needs and develop tools to monitor the success of your vendor meeting your requirements.


SAS70 must be performed on your SaaS vendor to provide you with the reliability, confidentiality and integrity of service to be provided to you and your customers. Control objectives may be similar or different, but careful examination of the audit report should be performed in order to determine that your data is secure.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: