
SAS 70 / SSAE16 Security Policy Solutions

About the SAS 70 Auditing Standard

Statement on Auditing Standards (SAS) No. 70, Service Organizations is a well-recognized standard published by the American Institute of Certified Public Accountants. SAS 70 is used to provide third-party validation of the internal controls of service organizations, and allows them to disclose control activities and processes to their customers and auditors in a uniform reporting format.

SAS 70 was recently updated by the Service Auditor Standard (ISAE 3402/SSAE 16).

Information Security Policies and SAS 70

Unlike other auditing standards, SAS 70 does not specify a required set of control objectives and is therefore not a "checklist" audit. Written policies are thus critical to formally document an organization's internal controls, and can become the basis for the evaluation by external auditors. Like COBIT, SAS 70 can include many other controls beyond information security. However, a significant component of a SAS 70 audit involves the evaluation of information security controls.

Develop Security Policies Quickly
Information Security Policies Made Easy by security policy expert Charles Cresson Wood, CISA, CISSP, is the definitive resource for information security policies. It includes over 1400 information security policies covering all ISO 17799 information security domains. Used by over 25% of the Fortune 100.



Keep Policies Up to Date
The PolicyShield Information Security Policy Subscription includes all of the policies within ISPME with regular updates based on the latest threats, technologies and regulatory changes. Let our experts monitor the latest trends and write the policies you need when you need them.


The Most Complete Security Policy Library Available

PolicyShield™ contains over 1500 pre-written information security policies and expert commentary covering 123 different categories within the ISO 27002 security standard. It covers over 200 security areas, including:

  • Data Privacy
  • Identity Theft
  • Firewalls
  • Encryption
  • Telecommuting
  • Telephone systems
  • Employee surveillance
  • Electronic commerce
  • Electronic records
  • Digital signatures
  • Computer viruses
  • Contingency planning
  • Logging controls
  • Internet
  • Intranets
  • Risk Assessments
  • Governance
