Will SDS Undergo a SAS 70 Type I or Type II Audit Prior to Release? If Not, When?


  • Monday, March 09, 2009 4:28 PM
     
     
    Is it the SDS Team's intention to have a service auditor perform an AICPA Statement on Auditing Standards No. 70, “Report on the Processing of Transactions by Service Organizations”, Type I or (preferably) Type II audit in time that would permit the result of the audit to be available by SDS's RTW?

    Thanks in advance,

    --rj

    (Cross-posted from Windows Azure forum - no response.
    For those not up to date on SAS 70, see http://en.wikipedia.org/wiki/SAS_70.)

    OakLeaf Blog

All Replies

  • Monday, March 09, 2009 5:13 PM
     
     
    Here’s part of what Microsoft’s Software as a Service (SaaS): An Enterprise Perspective 2006 whitepaper by Gianpaolo Carraro and Fred Chong has to say about SAS 70: "SAS 70 is not a law, but auditing and disclosure standards in various jurisdictions around the world (such as Sarbanes-Oxley in the United States) make up-to-date SAS 70 reports a de facto requirement for any business that provides services to other businesses, and any SaaS provider should consider having one readily available for examination."

    Amazon published Amazon Web Services: Overview of Security Processes on 9/5/2008, which contains the following statement regarding SAS 70 audits: "AWS is working with a public accounting firm to ensure continued Sarbanes Oxley (SOX) compliance and attain certifications such as recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification.  These certifications provide outside affirmation that AWS has established adequate internal controls and that those controls are operating efficiently."

    (Cross-referenced in the Windows Azure forum).


    OakLeaf Blog
  • Thursday, March 12, 2009 6:09 PM
     
     Answered
    Hi Roger,

    We are in the process of evaluating various certification requirements relative to SQL Data Service, with a goal toward achieving key certifications by commercial launch or shortly thereafter.

    Thank you,

    Nino
    SDS Program Manager

    nino
  • Thursday, March 19, 2009 9:03 PM
     
     
    I have a specialty in SOX, SAS 70 auditing, and alignment with internal control frameworks.

    Let me know if you need some help.  www.positiveassurance.biz