Sify Assure :: Enterprise Security & Risk Management Services - Compliance Services

SAS 70

In today's global economy, service organizations or service providers are required to demonstrate that theyhave adequate controls and safeguards when they host or process data belonging to their customers.

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for reporting design and operational effectiveness of a service organization's internal controls over processing transactions.

SAS No. 70 enables service organizations to disclose their control activities, their effectiveness and processes to their customers and their customers' auditors in a uniform reporting format.

Sify Assure offers the following audit Services under Sify Assure SAS 70 Auditing Services.

A Type I SAS 70 report describes the service organization's description of controls at a specific point in time and includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls and the suitability of the design of the controls to achieve the specified control objectives.

A Type II SAS 70 report includes the information contained in a Type I report and also includes the service auditor's opinion on whether the specific controls were operating effectively to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period audited.

SAS 70 Readiness Assessment: Aids organizations to determine their preparedness for an actual SAS 70 audit.