Monday, March 9, 2009 16:28
Is it the SDS Team's intention to have a service auditor perform an AICPA Statement on Auditing Standards No 70, “Report on the Processing of Transactions by Service Organizations”, Type I or (preferably) Type II audit in time that would permit the result of the audit to be available by SDS's RTW?
Thanks in advance,
(Cross-posted from Windows Azure forum - no response.
For those not up to date on SAS 70, see http://en.wikipedia.org/wiki/SAS_70.)
All replies
Monday, March 9, 2009 17:13
Here’s part of what MSFT's Microsoft’s Software as a Service (SaaS): An Enterprise Perspective 2006 whitepaper by Gianpaolo Carraro and Fred Chong has to say about SAS 70: "SAS 70 is not a law, but auditing and disclosure standards in various jurisdictions around the world (such as Sarbanes-Oxley in the United States) make up-to-date SAS 70 reports a de facto requirement for any business that provides services to other businesses, and any SaaS provider should consider having one readily available for examination."
Amazon published Amazon Web Services: Overview of Security Processes on 9/5/2008, which contains the following statement regarding SAS 70 audits: "AWS is working with a public accounting firm to ensure continued Sarbanes Oxley (SOX) compliance and attain certifications such as recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification. These certifications provide outside affirmation that AWS has established adequate internal controls and that those controls are operating efficiently."
(Cross-referenced in the Windows Azure forum).
Thursday, March 12, 2009 18:09
Hi Roger,
We are in the process of evaluating various certification requirements relative to SQL Data Service, with a goal toward achieving key certifications by commercial launch or shortly thereafter.
SDS Program Manager
- Marked as answer by Stan Kitsis - MSFT Thursday, March 19, 2009 16:03
Thursday, March 19, 2009 21:03
I have a specialty in SOX, SAS 70 auditing, and alignment with internal control frameworks.
Let me know if you need some help. www.positiveassurance.biz