SAS 70 Hosting Services

For customers that have highly sensitive data and require SAS 70 Certified hosting services, Connectria's hosting services have been audited and received SAS 70 Type II Certification. The Statement on Auditing Standards (SAS) 70 certification is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants and represents that a service organization has been through an in-depth audit of their control activities, which includes controls over information technology and related processes. sas70 hosting * Connectria has completed our 2011 SAS 70 Type II Audit, along with the new SSAE 16 Audit standard.
sas70 hosting
* Connectria has completed our 2011 SAS 70 Type II Audit, along with the new SSAE 16 Audit standard.

For customers that have highly sensitive data and require SAS 70 Certified hosting services, Connectria's hosting services have been audited and received SAS 70 Type II Certification. The Statement on Auditing Standards (SAS) 70 certification is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants and represents that a service organization has been through an in-depth audit of their control activities, which includes controls over information technology and related processes.

Connectria's SAS 70 Type II examination, which audited the operating effectiveness of our hosting controls over a period of time, was completed on February 1, 2008. Connectria received notice of its SAS 70 Type II compliance originally on April 29, 2008, and Connectria continues to take steps to maintain its SSAE 16 Certification*.

* Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) to effectively replace SAS 70 as the standard for reporting on service organizations with an effective date of June 15, 2011. SSAE 16 was drafted and issued with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the new international service organization reporting standard - ISAE 3402. Connectria has completed the SSAE 16 audit.

An Appropriate SAS 70 Certification For A Hosting Provider

Connectria's SAS 70 Certification was focused on the security of our hosting environment and the effectiveness of our support processes, utilizing the ISO/IEC 27002:2005 framework for internal IT controls. These controls establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization including:

  • Security Policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

Not All SAS 70 Certifications Are Alike

If you review the SAS 70 Certifications of many other hosting providers that claim to be SAS 70 Certified, you will find that they certified their Sales Order Processes, or their Billing Processes, or other processes that are mostly unrelated to their actual hosting services or hosting infrastructure. You see, in the SAS 70 Certification process, it is up to each company to determine what processes they want to audit and review.

Because of Connectria's core values of honesty and integrity - and our extensive experience hosting complex environments in banking, financial services, healthcare - we chose to utilize the appropriate standards when documenting the effectiveness of our hosting.

If you' re interested in learning more about Connectria's SAS70 Certification or to Request a Quote on any of our services, please contact us.