Global Provider of Assurance and Compliance Services
Audit and Assurance Services
Compliance and Certification Services
An audit performed in accordance with Statement on Auditing Standards (SAS) No. 70, commonly referred to as a “SAS 70 audit”, is a third-party assessment of a service organization’s internal controls governing a service it provides to its clients. The primary benefit of a SAS 70 audit is that a single audit serves as a substitute for individual audits performed by each of the clients of the service. SAS 70 audits focus on operational and technological controls related specifically to the service under review, and generally have no concern for the service organization’s internal controls in other areas, including matters related to financial reporting.
SAS 70 Solutions is a licensed certified public accounting firm and provides SAS 70 audit services to hundreds of clients in locations throughout the world.
Every entity that stores, processes or transmits cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). This standard is overseen by the PCI Security Standards Council and focuses on information security policy, cardholder data security, access control, network security and monitoring, and organizational vulnerability management. Certain organizations are required to undergo annual onsite validation by a Qualified Security Assessor (QSA), depending on the nature of the organization’s services and annual transaction volume.
SAS 70 Solutions is an accredited QSA and provides PCI validation services, as well as other PCI advisory services.
The ISO 27000 family of standards comprises the information security standards jointly maintained by the International Standards Organization (ISO) and International Electrotechnical Commission (IEC). ISO 27002, titled “Information technology - Security techniques - Code of practice for information security management”, sets forth a wide variety of security objectives and best practices that may be utilized to meet those objectives. Although ISO certification cannot be obtained for this standard, many organizations elect to have a compliance audit performed to determine the extent of their compliance with the ISO 27002 best practices.