Statement on Auditing Standards (SAS) no 70


Statement on Auditing Standards (SAS) No. 70 was developed by the AICPA

SAS 70 represents that a service organization has been through an in-depth audit of their control activities which generally include controls over information technology and related processes.

Service Organizations must demonstrate they have adequate controls and safeguards when they host or process customer data.

The requirements of Section 404 of Sarbanes- Oxley Act and Gramm-Leach-Bliley, NCUA Regulations 748 make SAS 70 audits mandatory.

SAS 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customer’s auditors.

A SAS 70 examination signifies a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. A formal report including the auditor’s opinion (“Service Auditor’s Report”) is issued to the service organization at the conclusion of a SAS 70 examination.

Using Pivot Group to assist with SAS 70 Compliance

Perform a SAS 70 preparation Audit. Allows a service organization to do a pre-audit before the SAS 70 examination in order to identify any weaknesses or deficiencies and perform remediation prior to the SAS 70 examination.

Pivot Group SAS 70 Prep Package includes:

  1. Review of Information Security Internal Controls & Procedures.
  2. Test of the Information Security Internal Controls & Procedures.
  3. Detailed Report of Results & Improvement Recommendations

Pivot Group can also team with an independent accounting and auditing firm to provide a complete SAS 70 Examination and Report

For more information about SAS 70, please refer to our Resource Guide.