San Diego, CA, February 13, 2008: American Internet Services (AIS) has received SAS 70 Type II audit certification from independent auditing firm DuPont & Morgan, LLP. SAS 70 certification is an internationally-recognized standard which reviews all levels of technology service providers over a six-month period for business practices, communication, internal procedures, and security.
DuPont & Morgan, based in Nashville, TN, is a premier CPA and independent auditing firm which specializes in SAS 70 audits for technology providers. Statement on Auditing Standards (SAS) 70 is an auditing standard created by the American Institute of Certified Public Accountants that applies specifically to service organizations. SAS 70 is also a field audit, and for the Type II review, DuPont & Morgan auditors spent six months, July through December, on-site investigating AIS. Auditors went through almost 190 different control and policy areas, from physical security to accounting practices.
Its emphasis on information technology and security makes the SAS 70 certification an important priority for AIS. “We have always had the utmost confidence that all of our controls and procedures in place are operating at the rigorous standards we have set,” says Alessandra Carrasco, COO and executive vice president at AIS. “This certification adds yet another layer of assurance to our customers that our services are secure, precise, and fully compliant with regulations as set by Sarbanes-Oxley.”
This audit certification is setting the standard with state-of-the-art data centers; as businesses continue to outsource their colocation, SAS 70 Type II certification provides an in-depth and reliable way to verify the service quality.
SAS 70 audits look for five major areas:
- Customer communication practices
- Internal operations, which includes procedures, corporate ethics, and defined workplace codes
- Monitoring of internal systems
- Control activities, meaning the management policies in place at every level of the company
- Overall organizational attitude
For IT providers, this audit also focuses on safeguards for how customer data and records are handled, focusing on:
- Data security and integrity
- Physical security
- Design, development, and change cycles for hardware and software systems
- Records maintenance
- Client and customer policies
With this latest audit, AIS is certified for another year as an accredited colocation service provider for any Sarbanes-Oxley and HIPAA compliant organization. “As the completion of this independent audit verifies,” emphasizes Carrasco, “the services that our customers entrust with AIS are 100% functional and secure.”