Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

SAS 70 information security certification for Brivo

Brivo Systems : 30 March, 2009  (Company News)
Brivo customers can be sure of the security of information controls after the company achieves Statement on Auditing Standards 70 certification
Brivo Systems has announced successful completion of a SAS 70 Type II information security audit. The SAS 70 Type II certification assures customers that a service provider's controls and processes provide reasonable assurances of service levels and data security.


"Statement on Auditing Standards No. 70," commonly abbreviated as "SAS 70," is an auditing statement issued by the American Institute of Certified Public Accountants (AICPA). It defines the processes an auditor uses to assess the internal controls of service organizations that provide data processing, storage, or application services to their customers. Brivo's SAS 70 audit was performed by the SC&H Group, LLC of Sparks, MD, a CPA and management consulting firm serving a large client base ranging from emerging businesses to the largest Fortune 500 companies.


The Sarbanes-Oxley Act has identified the Type II SAS 70 audit as the only acceptable method for a third party to assure a service organization's controls. The Type II audit is more thorough than Type I (awarded to Brivo in 2008) because it assesses whether the company's security control processes are effective during the entire calendar period for which the audit applies.


"The Type II audit was a logical and important next step after our Type I audit last year," said Steve Van Till, President and CEO of Brivo Systems. "We continued this rigorous SAS audit process, in part, to satisfy growing demand from Fortune 500 and other publicly held companies with whom we do business." Under most interpretations, Sarbanes-Oxley compels public companies to have IT audits for internal systems and, by extension, for any outsourced services they use for certain critical services. According to the SEC, publicly held companies can rely on an outsourced service provider's SAS 70 report to meet their own obligation to assess controls over outsourced services. Van Till continued, "Our successful completion of the SAS 70 Type II means our customers can be assured that they are in full compliance with their own audit requirements for the outsourced security services that we provide. This gives our customers peace of mind and saves them considerable time and expense."


In addition to Sarbanes-Oxley compliance, the Health Insurance Portability and Accountability Act (HIPAA) requirements are also driving increased reliance on SAS 70 audits. "Healthcare organizations subject to HIPAA have become much more concerned with compliance by their vendors," according to Van Till, "but we have found they are generally willing to accept a SAS 70 audit statement as proof that their privacy requirements are being properly handled."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo