SAS 70

Oct 22 2008   2:26AM GMT

Third party agreements and SAS70 audit – SAS 70

Keith Harrell Profile: SAS70ExPERT


During a SAS70 audit, an auditor may examine any relationships with third parties.  Any third party agreements or service level agreements should contain:


1. procedures to protect all outsourced data, applications or hardware

2. a description of the services provided and the target level of services

3. the establishment of an escalation process should an incident occur

4. the right to audit and determine that they are adhering to your agreement

5. the respective liabilities of both parties should an incident occur.


During a SAS70 audit, you have a choice to exclude your outsourced services or include them in the examination. I would recommend you include them, especially if they are essential to the services you are providing to your customers.


