By obtaining the SAS 70 Type II certification, our goal, as a service provider, is to deliver the assurance to our customers and prospects that we meet or exceed an extensive list of controls in both our business and technical operations. The SAS 70 certification reduces the need for our customers to build certain controls into their IT infrastructure in order to comply with Sarbanes-Oxley 404 (SOX) and Gramm-Leach-Bliley Act (GLBA). In addition, our customers will be able to avoid certain auditing activities, since they are already covered by DataComm’s SAS 70 Type II audit.
Under SAS 70, if an organization uses a service provider to process transactions, host data, or other significant services, a company's management team may conduct a thorough evaluation of the service organization's controls, or they may obtain a SAS 70 auditors report from the service organization. A SAS 70 certification validates that a service organization has undergone and satisfied an in-depth audit of their internal and external control activities.
DataComm began the SAS 70 service provider audit in June 2008. As part of the audit process, DataComm's systems and processes underwent extensive evaluation and testing, including: security monitoring, change management, system development life cycles, backup controls, physical and environmental safeguards, logical as well as physical access and other criteria.
Given the substantial costs associated with non-compliance with SOX and GLBA, the SAS 70 Type II audit compliance should be part of every organization's checklist when evaluating third party service providers. Today, if a DataComm customer is audited for SOX or GLBA compliance, they will be able to hand their auditors our SAS 70 report. As a fast-growing company we are proud to be able to provide our customers the assurance that comes from this auditing process. At DataComm, we remain committed to maintaining the highest compliance standards set for the industry.
Click Here to request a copy of the report.