March 11, 2008
SAS 70 Type II Certification – A Key Metric for SaaS Providers
Posted by Jeremy Hope, VP Operations
Security remains one of the biggest concerns that IT professionals have when a considering Software-as-a-Service solution. As a result, one of the most significant challenges that a SaaS provider must overcome is establishing a high degree of trust that customer data is safe in the vendor’s hands. There are a number of ways to do this, but one of the most important metrics that customers look for is the Statement of Auditing Standards No. 70, Services Organizations ("SAS 70") Type II Certification.
At Fortiva, we formally announced today that we achieved the SAS 70 Type II certification. SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants that validates that a service organization has been through an in-depth audit of its control activities, and demonstrates that they have adequate controls and safeguards when they host or process data belonging to their customers.
As anyone who has gone through this knows, it’s a long, drawn-out process that takes a serious commitment on the part of the service provider. However, it is one of the only independent/third-party metrics a customer can look for in order to establish a level of confidence. As a result, it’s an invaluable tool for SaaS providers and one that is worth every bit of the time and effort required to achieve it.
At Fortiva, we always say that maintaining the integrity, privacy and security of our client’s data is our most important goal. To achieve this, we are constantly reviewing our processes and improving them – but most of this happens “behind the scenes”. Achieving the SAS 70 Type II Certification is an important way for us to demonstrate the care and attention we place in this area.
