SAS70 has become the gold standard for the auditing of service organizations, especially for providers of Software as a Services (SaaS). Steelwedge, the leading provider of Cloud based Sales and Operations Planning (S&OP) Services, has successfully completed the SAS70 Type II audit.
The SAS70 Audit is performed in two steps, each resulting in a report that’s issued by an independent and certified auditor.
The Type I Report describes the control objectives and controls that have been put in pace by the SaaS provider. The auditor renders an opinion on whether these objectives and controls are suitable for the type of operation the SaaA provider is offering. As Steelwedge’s controls and objective have been based on relevant ISO and COBIT guidelines, a positive SAS70 Type I report was easily issued in August 2009.
The Type II Report investigates actual compliance with Type I controls. In the Type II Report, issued to Steelwedge in January 2010, the auditor confirms Steelwedge’s adherence to established and documented industry standard processes. The auditor’s opinion was formed over a five month period through on-site visits, investigations and reviews.
The SAS70 audit offers piece of mind for our customers, knowing that their data is secure with Steelwedge. Our data center, our applications and our processes conform to the highest level of industry standards, and will continue to do so as Steelwedge continues to undergo Type II Audits in regular six month intervals.
Steelwedge customers and prospects alike can rely on the opinion of a certified and independent auditor to ensure compliance with their internal data and security needs. This eliminates the need to conduct individual custom audits, saving both time and money.
Steelwedge’s regular SAS70 Audits do more than simply check the box on the currently popular topic. As the business world evolves and security requirements continue to increase, Steelwedge empowers its customers to stay ahead of the curve.
Also, Business Continuity Planning (BCP) and Disaster Recovery Process (DRP) have increasingly gained significance over the last six to twelve months in the SaaS world. Companies continue to trust Steelwedge with their S&OP needs due to our ability to provide a rapid fail-over solution in the unlikely event of disaster, enabling them to continue to run their business on Steelwedge.
SSAE No. 16 will require some more work on management’s behalf, if you are currently a service organization undergoing a SAS70 you should check with your auditing firm on this.
Your organization will expect next year’s audireport to be an SSAE 16 instead of a SAS 70, with some increased duties for management!