Frequently Asked Questions (FAQ)
Welcome to the SAS 70 FAQ main index. Click on any of items from the list below. Feel free to submit your questions to the following e-mail address:
info@sas70.com
.
1. What are the differences between SAS 70 and the ISO 9000 family of standards?
2. Who can perform a SAS 70 audit? What should the service organization look for?
3. Does my entire organization have to be audited?
4. How are SAS 70 audit reports generally distributed?
5. What are the contents of a SAS 70 report?
6. How do I read a SAS 70 report?
7. What if my service provider does not have a SAS 70 audit performed?
8. Can a SAS 70 audit be performed outside of the United States?
9. What is SysTrust? What is the difference between a SAS 70 audit and a SysTrust audit?
10. What is WebTrust?
11. Is there a baseline standard for how a service organization should disclose its controls?
12. How can a service provider prepare for a SAS 70 audit?
13. Where can I get a copy of the SAS 70 audit standard?
14. Is there a list of SAS 70 standards, control objectives, or checklists?
15. What is ISO 17799? What is BS 7799?
16. How much does a SAS 70 audit/examination cost?
17. Can I have a control objective related to Business Continuity and/or Disaster Recovery?
18. What is Sarbanes-Oxley? What do service organizations need to know?
19. How does an organization "pass" or "fail" a SAS 70 audit?
20. How often does a SAS 70 audit need to be renewed? Does a SAS 70 audit ever expire?
21. Can I display the SAS 70 shield logo on my website?
Return to the Main Index
Last updated: August 10, 2007
Copyright 2000 - 2007