Home Library Formazione Code Download Supporto Community Forums
Microsoft Developer Network >
Will SDS Undergo a SAS 70 Type I or Type II Audit Prior to Release? If Not, When?

Con risposta Will SDS Undergo a SAS 70 Type I or Type II Audit Prior to Release? If Not, When?

  • lunedì 9 marzo 2009 16:28
     
     
    Registrati per votare
    0
    Is it the SDS Team's intention to have a service auditor perform an AICPA Statement on Auditing Standards No 70, “Report on the Processing of Transactions by Service Organizations”, Type I or (preferably) Type II audit in time that would permit the result of the audit to be available by SDS's RTW?

    Thanks in advance,

    --rj

    (Cross-posted from Windows Azure forum - no response.
    For those not up to date on SAS 70, see http://en.wikipedia.org/wiki/SAS_70.)
    OakLeaf Blog
     

Tutte le risposte

  • lunedì 9 marzo 2009 17:13
     
     
    Registrati per votare
    0
    Here’s part of what MSFT's Microsoft’s Software as a Service (SaaS): An Enterprise Perspective 2006 whitepaper by Gianpaolo Carraro and Fred Chong has to say about SAS 70: "SAS 70 is not a law, but auditing and disclosure standards in various jurisdictions around the world (such as Sarbanes-Oxley in the United States) make up-to-date SAS 70 reports a de facto requirement for any business that provides services to other businesses, and any SaaS provider should consider having one readily available for examination."

    Amazon published Amazon Web Services: Overview of Security Processes on 9/5/2008, which contains the following statement regarding SAS 70 audits: "AWS is working with a public accounting firm to ensure continued Sarbanes Oxley (SOX) compliance and attain certifications such as recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification.  These certifications provide outside affirmation that AWS has established adequate internal controls and that those controls are operating efficiently."

    (Cross-referenced in the Windows Azure forum).

    OakLeaf Blog
     
  • giovedì 12 marzo 2009 18:09
     
     Con risposta
    Registrati per votare
    0
    Hi Roger,

    We are in the process of evaluating various certification requirements relative to SQL Data Service, with a goal toward achieving key certifications by commercial launch or shortly thereafter.

    Thank you,

    Nino
    SDS Program Manager
    nino
     
  • giovedì 19 marzo 2009 21:03
     
     
    Registrati per votare
    0
    I have a specialty in SOX, SAS 70 auditing, and alignment with internal control frameworks.

    Let me know if you need some help.  www.positiveassurance.biz
     
© 2013 Microsoft. Tutti i diritti riservati.
|
Commenti e suggerimenti sul sito