Sourcing/Procurement News
Most Read
Most E-mailed
E-mail Article
Print Article
Iasta Achieves SAS 70 Type II Certification
Software-as-a-service e-sourcing solution provider gets Sarbanes-Oxley checkup
Indianapolis — December 26, 2008 — Supply management solution provider Iasta has successfully completed an SAS 70 Type II audit of the general computer controls supporting its SmartSource suite of applications, the company has announced.
The audit, performed by an independent auditing firm, involved a rigorous examination and extensive testing before issuing an unqualified opinion on SmartSource in the areas of computer operations, information security, application change control and data communications, iasta said.
The Statement on Auditing Standards (SAS) No. 70, Service Organizations, developed by the American Institute of Certified Public Accountants (AICPA), is an in-depth audit of a service organization's control objectives and activities, including controls over information technology and related processes.
Application service providers (ASPs) as well as software-as-a-service (SaaS) providers must demonstrate that they have adequate controls and safeguards in place when hosting or processing customer data. Iasta achieved Type II certification, which is an extension of Type I that requires detailed testing of controls over an extended audit time period.
"As e-sourcing tools and the data they collect and manage play an increasingly dominant role in corporate procurement processes, companies are requiring a higher degree of security from their eSourcing solutions," said Iasta Chief Financial Officer Todd Epple. "The SAS 70 Type II Certification provides third-party, audited evidence that companies can choose SmartSource SRM knowing that Iasta has policies, procedures and safeguards in place to protect their data."
Sarbanes-Oxley legislation has placed an increased focus on the internal controls of business partners. The SAS 70 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by Iasta management.
The SAS 70 report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities.
"The structure of our report is intuitive and is designed to be incorporated with our clients' Sarbanes-Oxley compliance programs," Iasta said.
The audit, performed by an independent auditing firm, involved a rigorous examination and extensive testing before issuing an unqualified opinion on SmartSource in the areas of computer operations, information security, application change control and data communications, iasta said.
The Statement on Auditing Standards (SAS) No. 70, Service Organizations, developed by the American Institute of Certified Public Accountants (AICPA), is an in-depth audit of a service organization's control objectives and activities, including controls over information technology and related processes.
Application service providers (ASPs) as well as software-as-a-service (SaaS) providers must demonstrate that they have adequate controls and safeguards in place when hosting or processing customer data. Iasta achieved Type II certification, which is an extension of Type I that requires detailed testing of controls over an extended audit time period.
"As e-sourcing tools and the data they collect and manage play an increasingly dominant role in corporate procurement processes, companies are requiring a higher degree of security from their eSourcing solutions," said Iasta Chief Financial Officer Todd Epple. "The SAS 70 Type II Certification provides third-party, audited evidence that companies can choose SmartSource SRM knowing that Iasta has policies, procedures and safeguards in place to protect their data."
Sarbanes-Oxley legislation has placed an increased focus on the internal controls of business partners. The SAS 70 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by Iasta management.
The SAS 70 report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities.
"The structure of our report is intuitive and is designed to be incorporated with our clients' Sarbanes-Oxley compliance programs," Iasta said.
RSS Feeds
