Completion of the SAS 70 Type II examination indicates that selected SAVVIS processes, procedures and controls have been formally evaluated and tested by an independent accounting and auditing firm. The examination included the companyâs controls related to security monitoring, change management, problem management, backup and environmental controls, logical and physical access.
SAS 70 is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for management to obtain assertions about service organization internal controls without conducting separate assessments. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 reports even more important to the process of reporting on effective internal controls by public companies.
A SAS 70 examination is widely recognized, because it represents that a service organization has been through an evaluation of their control activities as they relate to an audit of the financial statements of its customers. A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the service organization's controls.
âAs one of the worldâs leading providers of managed IT infrastructure services, SAVVIS is committed to developing and refining systems that fully secure our service delivery infrastructure," said Tim Caulfield, Senior Vice President of Operations for SAVVIS. âA SAS 70 examination is an important factor as customers evaluate outsourcing their IT infrastructure to a service provider with an eye toward meeting their own stringent compliance requirements.â
SAVVIS selected Deloitte & Touche LLP to perform the examination because of their vast number of experienced resources with internal controls and SAS 70 expertise.