Consonus Data Centers Are SAS70 Type II Audited

SAS70 Type II Audits Confirm the Integrity of the Company's Data Centers

Consonus has completed a SAS70 audit, receiving both Type I and Type II SAS70 certification from independent auditor Grant Thornton as to the integrity of its data center facilities and data hosting solutions. Consonus participated in the internal controls audit to allow Consonus' clients to verify the security of their IT assets, confirm SOX compliance and other regulatory compliance requirements, and ensure overall IT compliance.

• Completion of Type II Audit - [03-10-2009]
• Completion of Type II Audit - [10-30-2007]
• Completion of Type I Audit - [02-02-2007]

About SAS70 Audits

Established by the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standards (SAS) 70 is a widely-recognized auditing standard for service organizations such as Consonus to demonstrate that they have adequate controls and processes in place. Specific areas for SAS70 certification include organizational controls, application development and maintenance controls, logical security and access controls, application controls, system maintenance controls, data processing controls, and business continuity controls.

SAS70 is a de facto standard for data centers and IT service providers because it represents that a service organization has been through an in-depth internal controls audit, which often include controls over information technology and related processes.

In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley (SOX) Act of 2002 make SAS70 audit reports even more important to the process of regulatory compliance and reporting on the effectiveness of internal control over financial reporting.

SAS70 is generally applicable when an independent auditor is planning the financial statement audit of an organization that obtains services from a particular provider. Service providers that impact an organization's system of internal controls could be application service providers, bank trust departments, claims processing centers, data centers, third party administrators, or other data processing service bureaus.

SAS70 Type I and SAS70 Type II

One of the most effective ways a hosting service provider can communicate information about its IT compliance and controls is through a Service Auditor's Report. There are two types of Service Auditor's Reports: Type I and Type II.

A SAS70 Type I report describes the service provider's controls at a specific point in time (e.g. June 30, 2007) and contains the auditor's opinion as to whether the provider presented that description accurately, and whether the provider suitably designed the internal controls to achieve specified control objectives.

In addition to the information contained in a SAS70 Type I report — whether the service organization's description of its controls presents fairly, in all material respects, the relevant aspects of the service organization's controls and whether the controls are suitably designed to achieve specified control objectives — a SAS70 Type II report includes detailed testing of the organization's controls, as well as the auditor's opinion as to whether those controls are sufficient in meeting the organization's objectives.

Benefits of Working with a SAS70 Certified Provider

The SAS70 audit is an intensive process, requiring months of preparation. A SAS70 Type II certification can take years to acquire, but the preparation work including documentation and process development, is highly valuable.

Issued by an independent accounting firm, a Service Auditor's Report with an unqualified opinion differentiates the service organization from its peers by demonstrating the establishment of effectively designed control objectives and control activities. Increasingly, SAS70 Type II certification is required by data center customers, especially: 

• Publicly-traded companies who must comply with the Sarbanes-Oxley Act of 2002 through a SOX audit for SOX compliance
• Any environment in which data is processed, held, or transmitted - for example, an Application Service Provider (ASP) for financial applications, such as online trading
• A company in possession of legally-protected customer information, such as a financial institution
• A business with health-sensitive information (HIPAA)
• A university with protected student information (FERPA)
• Loan originators and credit rating agencies and their providers (FCRA, GLBA)
• A provider of a service that involves eCommerce (WebTrust, PCI)

Because a SAS70 Service Auditor's Report certifies a provider's integrity and operational excellence, Consonus customers have greater confidence that they are entrusting their critical business data to a capable and qualified organization.

 

About

• Credentials
  • SAS70 Certification
  • Industry Recognition
• Leadership
  • Executive Management Team
  • Board of Directors
• Consonus Labs
• Consonus Office Locations
  • Atlanta, GA
  • Birmingham, AL
  • Cary, NC
  • Charlotte, NC
  • Ft. Lauderdale, FL
  • Greenville, SC
  • Hartford, CT
  • Jacksonville, FL
  • Knoxville, TN
  • Nashville, TN
  • Rockville, MD
  • Salt Lake City, UT
• Careers
  • Job Openings
  • Benefits
  • Employee Quotes

Media Contact: Consonus Technologies Inc. Jonna Murnick Director of Marketing +1 (704) 357-2720 jonna.murnick@consonus.com

 

• About
• Partners
• Resources
• Cloud Computing
• Solutions
• Careers
• Events
• News

Data Center Colocation Home | About | Solutions | Contact | Site Map | Careers | Partners
Copyright © 2007-2010 By Consonus Technologies, Inc. | Terms of Use | Privacy Statement