
365 Main, SAS 70 Type 2 Certified Facilities
Anyone preparing to comply with important legislation such as Sarbanes-Oxley, HIPAA, or Gramm-Leach-Bliley, or even Federal Rules 26 and 34*, understands the need to partner with those who have performed the due diligence to ensure our standards exceed those typical of the colocation industry. 365 Main has made the commitment and dedicated the time and resources to guarantee that it is a qualified partner.

Making the time and devoting the resources to a SAS 70 audit is a significant process.
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or examination is widely recognized because it represents that a service organization has been through an in-depth audit of its control activities, which generally include controls over information technology and related processes. In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.

SAS No. 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format. A SAS 70 examination signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. A formal report including the auditor's opinion ("Service Auditor's Report") is issued to the service organization at the conclusion of a SAS 70 examination.

SAS 70 provides guidance to enable an independent auditor ("service auditor") to issue an opinion on a service organization's description of controls through a Service Auditor's Report (see below). SAS 70 is not a pre-determined set of control objectives or control activities that service organizations must achieve. Service auditors are required to follow the AICPA's standards for fieldwork, quality control, and reporting. A SAS 70 examination is not a "checklist" audit.

SAS No. 70 is generally applicable when an auditor ("user auditor") is auditing the financial statements of an entity ("user organization") that obtains services from another organization ("service organization"). Service organizations that provide such services could be application service providers, bank trust departments, claims processing centers, Internet data centers, or other data processing service bureaus.

In an audit of a user organization's financial statements, the user auditor obtains an understanding of the entity's internal control sufficient to plan the audit as required in SAS No. 55, Consideration of Internal Control in a Financial Statement Audit. Identifying and evaluating relevant controls is generally an important step in the user auditor's overall approach. If a service organization provides transaction processing or other data processing services to the user organization, the user auditor may be required to gain an understanding of the controls at the service organization.

* Overview Federal Rules of Civil Procedure
Rule 26: General Provisions Governing Discovery; Duty of Disclosure
Rule 34: Production of Documents and Things and Entry Upon Land for Inspection and Other Purposes

Background
The Federal Rules of Civil Procedure govern the conduct of civil actions brought in Federal district courts. Rules 26 and 34 govern discovery and disclosure of information relevant to the civil actions. In 1993, Rule 26 was amended substantially to accelerate the exchange of information.

Who is Affected
Entities affected by these Rules are:
• Organizations facing litigation
• Organizations that are aware that a discovery request may be made

In addition, since any entity may face litigation concerning activities long after the activities were carried out, each organization should consider its ability to comply with Rules 26 and 34 as it conducts its business in the ordinary course, so that it is able to comply with the Rules' requirements if a litigation event occurs. In many instances it may be too late to respond efficiently when faced with litigation if the groundwork for compliance was not in place when relevant records were created.
