Success Factors
As of June 15, 2011, SAS 70 Reporting Standards will be replaced by Service Organization Control (SOC) Reports.
Organizations that experience successful SAS 70 audits have the same Success Factors:
- A positive attitude and understanding of how to identify key controls.
- A view that considers internal controls as an integrated process allowing management flexibility in choosing the controls necessary to support their current service and business requirements
- Well-defined operational processes communicated so your team can execute them consistently
- A core set of well-defined homogeneous, scalable services for your customers
- A good organizational structure, sufficient resources and basic segregation of duties between management and staff, as well as between incompatible IT functions (i.e. security administration & programming)
- A view of Information Security that considers and manages the risks of both external and internal security issues
- Key process owners that are able to help capture and validate key business processes
- A member of management who functions as the key point of contact and champion for the audit process.
These processes are accomplished during various stages of the audit engagement and not all steps are performed for all audits. For instance, continuing clients (those who have previously received an audit) would not require a Control Gap Analysis unless there had been significant changes to the controls or services offered.