Statement on Auditing Standards No. 70: Service Organizations
Our datacenter facilities in Milpitas and Ashburn are SAS 70 Type II compliant.
Some background on SAS 70
SAS 70 provides guidelines to auditors who assess the internal controls of a given service organization. The result of this audit is a detailed report (known as a Service Auditor’s report) and comes in two types – Type I and Type II. For the full text of SAS70 please visit this site.
Assessing internal controls of a service organization, or an entity that uses one or more service organizations, covers various areas of the business. The resulting report can then serve as a resource for understanding the internal controls in operation at the service organization.
When assessing audit reports and standards for an organization, there may also be overlaps with other standards. For example, the ISO 27000 series standards contain similar control guidelines regarding data that may be found in a SAS70 audit report.
Type I vs Type II
A Type I service auditor’s report includes the auditor’s opinion on the fairness of the presentation of the service organization’s description of controls that had been placed in operation and the suitability of the design of the control to achieve the specified control objectives. Keep in mind that the auditor opinion presented in the report is only regarding controls in place as of a specific date.
A Type II service auditor’s report includes the Type I report information in addition to the auditor’s opinion on whether the specific controls were operating effectively during the period under review. The Type II report also augments the Type I report findings since they are based on control objectives identified during a specified period.
Why is SAS 70 important?
Peak Hosting takes data control seriously in our facilities and business methods. No matter the vertical industry, these granular controls help demonstrate that appropriate controls and safeguards are present in critical facilities where hosted and processed data resides.
Our datacenter facilities are SAS 70 Type II and documentation is available upon request.