Is there a list of SAS 70 standards, control objectives, or checklists?
Since service organizations are responsible for describing their controls and defining their control objectives, there is no published list of SAS 70 standards. Generally, the control objectives are specific to the service organization and its customers. However, there are some great sources of control objectives and other published standards that can be used to prepare for a SAS 70 audit or another type of third-party assurance. The Information Systems Audit and Control Association (ISACA) publishes a set of control objectives referred to as “CoBIT”. Information on CoBIT and how to purchase the latest editions is on the ISACA website at http://www.isaca.org. Other great sources of guidance are the WebTrust Principles and Criteria and the SysTrust Principles and Criteria. Both are available from the AICPA website and can be downloaded for free at http://www.aicpa.org/assurance. Each principle has specific criteria elements and illustrative controls that can serve as a baseline for y