DataMail Service is SAS 70 Type II Certified
The SAS 70 ("Statement on Auditing Standards No. 70") is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). Service Auditor Reports issued in accordance with SAS 70 provide a means for our clients who are subject to Sarbanes-Oxley (Section 404) or Gramm-Leach-Bliley Act privacy provision to evaluate the effectiveness and significance of their service provider’s controls.
SAS 70 Service Auditor Reports vary by whether the outcome presents a Type I or Type II Report. A Type I Report merely takes into consideration that there are controls in place in the service organization. The Type II Report, the most stringent, not only identifies the controls but also includes rigorous on site testing of those controls and the operating effectiveness of the production and security processes that are in place.
DataMail takes great pride in the fact that we have obtained a Type II Report. Based on the demand that our client’s auditors need to ensure that today’s service providers have the necessary operating structure, DataMail decided that a Type II Report was necessary.
“In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.”
American Institute of Certified Public Accountants