IP Services has SAS 70 independent auditor certification of over 100 procedures and control activities that are carefully designed for our High Availability IT Service Management solutions. This means we have 3rd party verification that we do what we say we do, and that we closely monitor our results.
This level of audited operations allows IP Services customers to have confidence that we follow the carefully designed procedures and controls we have in place to optimize results for our customer’s systems. And, this level of audit can reduce the ongoing audit cost of our customers who must demonstrate that IP Services offerings comply with various industry regulations.
SAS 70 is an acronym for Statement on Accounting Standards (SAS) used by the American Institute of Certified Public Accountants. This is the standard used to define how an auditor should assess the internal controls of a service organization, as they issue an audit report.
Our annual SAS 70 independent audit verifies:
This level of audited operations allows IP Services customers to have confidence that we follow the carefully designed procedures and controls we have in place to optimize results for our customer’s systems. And, this level of audit can reduce the ongoing audit cost of our customers who must demonstrate that IP Services offerings comply with various industry regulations.
SAS 70 is an acronym for Statement on Accounting Standards (SAS) used by the American Institute of Certified Public Accountants. This is the standard used to define how an auditor should assess the internal controls of a service organization, as they issue an audit report.
Our annual SAS 70 independent audit verifies:
Our documentation adequately describes our internal controls
The internal controls are designed to achieve our control objectives
The controls are in place at the time of audit
The internal controls are designed to achieve our control objectives
The controls are in place at the time of audit
Why Audit?
List of Audited Control Objectives
Physical Security: 23 specific control activities provide reasonable assurance that business premises and information systems are protected from unauthorized physical access, damage, and interference.
Environmental Security: 15 specific control activities provide reasonable assurance that critical information technology infrastructure is protected from certain environmental threats.
Backup Operations: 11 specific control activities provide reasonable assurance of timely system backup of critical files, off-site backup storage, and regular off-site rotation of backup files.
Maintenance Operations: 15 specific control activities provide reasonable assurance that system are maintained in a manner that helps reduce downtime.
Information Security: 15 specific control activities the provide reasonable assurance that client systems are protected from unauthorized or unintentional use, modification, addition or deletion, and that authentication and access mechanisms effectively control access to client systems.
Data Communications: 26 specific control activities provide reasonable assurance that the security infrastructure and practices secure against unauthorized access to IP Services’ internal network and threats from connections to external networks are limited.
Disaster Planning and Recovery: 4 specific control activities that provide reasonable assurance that policies and procedures are in place to minimize disruption of processing activities and services to user organizations in the event of a business interruption or natural disaster.
Environmental Security: 15 specific control activities provide reasonable assurance that critical information technology infrastructure is protected from certain environmental threats.
Backup Operations: 11 specific control activities provide reasonable assurance of timely system backup of critical files, off-
Maintenance Operations: 15 specific control activities provide reasonable assurance that system are maintained in a manner that helps reduce downtime.
Information Security: 15 specific control activities the provide reasonable assurance that client systems are protected from unauthorized or unintentional use, modification, addition or deletion, and that authentication and access mechanisms effectively control access to client systems.
Data Communications: 26 specific control activities provide reasonable assurance that the security infrastructure and practices secure against unauthorized access to IP Services’ internal network and threats from connections to external networks are limited.
Disaster Planning and Recovery: 4 specific control activities that provide reasonable assurance that policies and procedures are in place to minimize disruption of processing activities and services to user organizations in the event of a business interruption or natural disaster.
©2010 IP Services
