SAS 70 Security Policy Solutions

About the SAS 70 Auditing Standard

Statement on Auditing Standards (SAS) No. 70, Service Organizations is a well-recognized standard published by the American Institute of Certified Public Accountants. SAS 70 is used to provide third-party validation of the internal controls of service organizations, and allows them to disclose control activities and processes to their customers and auditors in a uniform reporting format.

Information Security Policies and SAS 70

Unlike other auditing standards, SAS 70 does not specify a required set of control objectives and is therefore not a "checklist" audit. Therefore, written policies are critical to formally document an organization's internal controls, and can become the basis for the evaluation by external auditors. Like COBIT, SAS 70 can include many other controls beyond information security. However, a significant component of a SAS 70 audit involves the evaluation of information security controls.

Information Security Policies Made Easy by security policy expert Charles Cresson Wood, CISA, CISSP, is the definitive resource for information security policies. Includes over 1400 information security policies covering all ISO 17799 information security domains. Used by over 25% of the Fortune 100.

  » Learn More

The PolicyShield Information Security Policy Subscription includes all of the policies within ISPME with regular updates based on the latest threats, technologies and regulatory changes. Let our experts monitor the latest trends and write the policies you need when you need them.

  » Learn More

The Most Complete Security Policy Library Available

PolicyShield ™ contains over 1500 pre-written information security policies and expert commentary covering 123 different categories within the ISO 27002 security standard. Covers over 200 security areas including: