Iasta successfully completed a SAS 70 Type II audit of the general computer controls supporting its SmartSource suite of applications. The audit was performed by a nationally recognized, independent auditing firm who performed a rigorous examination and extensive testing before issuing an unqualified opinion on SmartSource in the following areas:
- Computer Operations
- Information Security
- Application Change Control
- Data Communications
The Statement on Auditing Standards (SAS) No. 70, Service Organizations, developed by the American Institute of Certified Public Accountants (AICPA), is an in-depth audit of a service organization's control objectives and activities, including controls over information technology and related processes. Application service providers (ASPs) as well as Software-as-a-Service (SaaS) providers must demonstrate that they have adequate controls and safeguards in place when hosting or processing customer data. Iasta achieved Type II certification, which is an extension of Type I that requires detailed testing of controls over an extended audit time period.
Iasta recognizes that Sarbanes-Oxley legislation has placed an increased focus on the internal controls of valued business partners. The SAS 70 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by Iasta management. The SAS 70 report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities. The structure of our report is intuitive and is designed to be incorporated with our clients' Sarbanes-Oxley compliance programs.
