
Fair enough, but why can only CPAs perform such audits? It is spending $20K-$40K per audit for essentially nothing of importance. This cost gets passed on to customers.



I don't know that it's CPAs specifically. But it is essentially an audit/control document.

Auditors are trained in, like, you know, auditing.

Which is rather more than just beancounting, preconceptions notwithstanding.


http://sas70.com/sas70_faqs.html ; Question #2 - who can perform/sign off on audits? Only CPAs.


Thanks.

And again: what the audit entails is interviews, requesting and reviewing records, and the like. This doesn't guarantee that a SAS70 site is doing what it says it's doing. But if there are gross inconsistencies in the statements and documents, they should stand out.

From there, use the SAS70 report as a basis for your own questions. There are some very good summaries of things to ask at sites such as ServerFault, WebHostingTalk, O'Reilly, and elsewhere.

If the SAS70 report says that all access is controlled, but you find you're able to casually stroll through the main door ... something's not adding up. Dig deeper.



