SAS 70

Sep 21 2008   9:22PM GMT

Security is essential for all new technology investments? SAS70

Keith Harrell Profile: SAS70ExPERT

Which new technologies are you adopting? With Web 2.0, social networking, wikis, and blogs – oh mY! With so many new avenues to penetrate your market, the decisions you make today can effect the success of your SAS 70 audit. When evaluating new technology, always first determine your company objectives as we previously discussed. In addition, you will need to remember to consider what new security features must be implemented in your computing environment to prevent downtime. It is essential early in the process that you identify the threats, the risks, and then create a plan.


 In identifying threats, the assessment team must consider who or what could compromise a target system’s components such that the system’s security attributes would be jeopardized. You should focus on how the information assets and components differ from what you already have. In identifying the security risks, consider what will th total potential impact on the organization. When your system is compromised – and it will be – how would you handle the loss of critical data?


To address technology security risks, requires a documented plan and you must train your employees on how to enact the plan. The SAS70 audit will require you to have a plan in place and it will examine who are the participants in the plan. The plan should include not only IT, but operations and senior management. Where is your security plan?

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Lplank
    I work at an accounting and consulting firm in Boston, Vitale Caturano ( and we have just stared to adopt to some of the new Web 2.0 tools, mainly social networking. It was big change for our firm, but we saw it necessary to keep ahead of the curve. You’re right though, addressing the security risks is a huge task, as the information we deal with is so sensitive. We do our SAS70 audits internally, and have a detailed plan which identifies threats and risks, and how to address them if necessary.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: