Is a SAS 70 audit a type of security audit?
The primary purpose of a SAS 70 audit is not to evaluate the information security controls of an organization; however, topics generally considered to be within the domain of information security are normally included in the scope of every SAS 70 audit. A typical SAS 70 audit examines both application controls and general IT controls. Topics such as logical access controls, application and system change control, cryptography, systems availability and monitoring, telecommunications and network security, and physical and environmental security are integral to application control objectives. In addition, information security-related control objectives are often selected by the service organization specifically to highlight these topics, which user organizations and their auditors consider to be of great importance. Service organizations often have a valid need for both a SAS 70 audit and a security audit. It is critical to understand that only a SAS 70 audit report can be relied up