C7 Data Centers completed a SSAE 16 Type 2 audit for each of its data centers on July 19, 2011. This SSAE 16 Type 2 audit supersedes the SAS 70 Type audit, which means that C7 will discontinue its SAS 70 audits as it is not as applicable as the SSAE 16 audit.
The below SAS 70 FAQ article will remain on the website for a time as a reference. Please see the SSAE 16 FAQ article for more information on C7′s SSAE 16 type 2 audit.
What is SAS 70?
SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SAS 70 is an acronym for ‘Statement of Auditing Standards.’
SAS 70 demonstrates that C7 data centers have adequate controls and safe guards in place to host or process data related to their customer base. SAS 70 is not a certificate, but an opinion on the nature of those controls.
Is SAS 70 a New Standard?
No. The SAS 70 was adopted by the American Institute of Certified Public Accountants (AICPA) as a standard in 1992. Increased outsourcing and the visibility of control requirements introduced in the Sarbanes-Oxley Act of 2002 have fueled a renewed interest in SAS 70.
What Type of Service Companies Are Candidates for SAS 70 Reviews?
Any company that provides the following services to another organization:
- Executes and maintains accountability of transactions
- Records transactions and processes information
- Impacts the client’s financial reporting
Typical service companies include application service providers, claims processors, clearinghouses, credit processing companies, and data center hosting facilities.
Why is a SAS 70 Audit Important to Your Business?
A SAS 70 audit independently verifies the validity and functionality of a data center’s control activities and processes. These control activities and processes are especially important to customers within the healthcare, insurance and financial markets, as well as to publicly traded companies who must validate the security of their financial and sensitive information controls.
Once a SAS 70 Audit is Passed, Are Future Audits Required?
Yes. Annual data center audits are performed to not only verify that procedures are in place and effective, but that they are maintained.
Is C7 Data Centers, Inc. SAS 70 Audited?
C7 received its SAS 70 Type I compliance on April 20, 2009. Type II compliance was completed in April 16, 2010. Please contact us if you would like to review our SAS 70 Type II Compliance Report.
Describe SAS 70 Type I and Type II Audits?
- Type I includes an opinion written by the service auditor. Type I reports describe the degree to which the data center fairly represents its services in regards to the operational controls that have been implemented to meet set objectives.
- Type II reports are similar to Type I. However, an additional section is added which includes the service auditor’s opinion on how effectively the controls operated during the defined period (usually six months but can be longer) of the review.
For More Information:
SAS 70 Statement on Auditing Standards
