SAS 70 Type II Audit
Logicworks is a SAS 70 Type II audited organization. The Statement on Auditing Standards No. 70 (SAS 70), is an independent examination of our controls and procedures. The audit provides assurance that the descriptions we provide are fairly stated, suitably designed, and effective.
How Does a SAS 70 Audit Work?
The service provider—Logicworks—issues documentation on all of its controls and procedures as they pertain to sensitive customer information contained on Logicworks’ hosted managed infrastructures. It is important to know that the audited party sets the scope of the audit to be performed, as well as independently creates all control tests and documentation necessary to support its claims.
Important Differences
Because there are two types of SAS 70 audits (Type I and Type II) there is confusion in the marketplace about the purpose and validity of this process. In a Type I audit, the service provider documents its controls and procedures, which are then reviewed by an auditor for adherence to generally accepted best practices.
In a Type II audit, all claims made in the document are tested for an extensive period of time—minimum six months, before the auditor renders his/her verdict.
Logicworks’ SAS 70 Audit
Logicworks’ scope for its SAS 70 Type II audit includes on-boarding policies for new hires, disaster recovery and business continuity planning, IT and physical security policies, data backup and recovery procedures, provisioning of services, asset tracking and inventory management, separation of client infrastructures, decommissioning of servers and services, and other business practices.
Please contact a Logicworks Account Executive if you’d like to see Logicworks’ SAS 70 Type II report.
For an independent opinion of the importance of our SAS 70 Type II audit to your business, please read "Are Your Software Services Compliant?" in InfoWorld (April 25, 2006).
