Statement on Auditing Standards (SAS) No. 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service auditor's examination performed in accordance with SAS No. 70 (also commonly referred to as a "SAS 70 Audit") is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
SAS No. 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format. The issuance of a service auditor's report prepared in accordance with SAS No. 70 signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. The service auditor's report, which includes the service auditor's opinion, is issued to the service organization at the conclusion of a SAS 70 examination.
In accordance with the importance of maintaining financial organization within the business, our datacenter adheres to the Statement on Auditing Standards (SAS 70) rules for a service organization, including the extensive written policies and procedures required by the American Institute of Certified Public Accountants (AICPA). Our data centers also provide the added assurance of Type II reporting, which tests the operating effectiveness of the controls over time. In addition, our datacenter has implemented a COBIT control framework, which is especially useful for the internal control reporting requirements specified in Sarbanes-Oxley.