More jargon: What is a SAS Type II Exam?

We've touched on the rise of software-as-a-service and how it might affect compliance initiatives. We noted then that more SaaS solution providers in the GRC arena may feel the need to publicize that they have passed something called SAS 70 Type II examinations, which are performed by auditors. In the last week, a raft of companies have come forward with such announcements, notably Bwise but also AmeriVault and ViaWest. This all makes sense, though more jargon is the last thing we need. Companies are placing more pressure on service providers and their controls environment as a way to satisfy their auditors. Hosted-service providers these days are expected to do what they can to help. Passing the exam should provide some comfort. The Statement on Auditing Standards (SAS) No. 70 is the creation of the American Institute of Certified Public Accountants (AICPA). It basically means that the service providers has had an auditor take a look at their processes and controls and they have been deemed adequate.

For more:
- see this release from Bwise
- read this AmeriVault release
- and this release from ViaWest