• USA.NET SOLUTIONS FOR YOUR BUSINESS
• Addressing Your
  Email challenges » SMB » Enterprise/Multi-office
• Exchange Hosting
• Webmail
• SharePoint Services
• Mobile Messaging
• Integration with Applications
• Secure Email Solutions
• Change Management
• Complex Migrations
• Switching From Another Email Hosting Provider
• Learn About Switching from In-House Email
• Archiving and eDiscovery
• Collaboration
• Resource Center

SAS 70 AND SAS 70 TYPE II DRILL DOWN

IMPORTANT DIFFERENCES BETWEEN SAS 70 AND SAS 70 TYPE II

In today 's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.

American Institute of Certified Public Accountants

In an atmosphere of stricter legislation and greater auditing, compliance can become a full-time job. It's complex, complicated and costly. Does your company really have the time and the temperament to conduct comprehensive audits? Choosing an email service provider that provides these necessary audits might not only save you time and money, but also provide you with another tool to help meet your compliance requirements surrounding electronic communications! But what type of audit should you be looking for?

Here's the difference between the two types of Service Auditor's Reports: Type I and Type II. A Type I report describes the service organization's description of controls at a specific point in time (e.g. June 30, 2007). A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the service organization's controls over a minimum six month period (e.g. January 1, 2007 to June 30, 2007).

In a Type I report, the service auditor will express an opinion on (1) whether the service organization's description of its controls presents fairly, in all material respects, the relevant aspects of the service organization 's controls that had been placed in operation as of a specific date, and (2) whether the controls were suitably designed to achieve specified control objectives.

In a Type II report, the service auditor will express an opinion on the same items noted above in a Type I report, and (3) whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period specified.

Since 2002, USA.NET has contracted Deloitte & Touche to perform annual SAS 70 Type II accreditation audits designed specifically to examine the quality of operations and controls. With USA.NET's SAS 70 Type II Audit, customers can trust that our services are consistent, safe and reliable and are compliant with emerging regulatory mandates. A SAS 70 Type II Audit demonstrates that the infrastructure, applications and processes have passed rigorous, independent third party testing and have an environment that incorporates the processes and controls that are necessary for effectively hosting and exchanging corporate data and financial information.

Overall, a SAS 70 Type II Audit is a demonstration of both the legal and business commitment to superior levels of reliability, availability and security. Shouldn't your service provider offer the highest level of accreditation?