Toll Free 1-888-231-9396  |  24/7 Live Tech Support 1-307-460-4602   |  BLOG  |   Contact Form

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SAS 70 Type II certificate: How does Host Up guarantee security standards for your data

Every hosting company can say they offer security to their customers. But not every one can prove it. At Host Ut we go beyond such declarations. We know how important it is to know that your data is kept safe. That is why we have passed the arduous and long process of the SAS 70 Type II audit, demonstrating that Host Up meets the standards of data security and protection.

What is the SAS 70 Type II certification?

Statement on Auditing Standards No. 70: Service Organizations commonly abbreviated as SAS 70 is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). Virtually every IT enterprise has a data security and protection policy. However the terms of this protection are usually created without much thought or are based on a collection of inconsistent guidelines, the performance of which is not strict. The responsibilities are unclear, problem management procedures are obscure or nonexistent and it is unknown how to protect every resource - not just those that the makers of company policy happened to imagine.

This is why the AICPA has worked out a set of guidelines, which include all the good practices in data security and protection. Their implementation in companies and organisations enable a multi-level system of procedures to guarantee that no data security aspect will be missed and that all potential emergencies will be remedied as effectively as possible.
AICPA requires the following from the companies and organisations applying for the international safety compliance certificate:
  • to design and implement a comprehensive and consistent information security control and risk management system to fend off unacceptable risks;
  • to implement management procedures which will guarantee uninterrupted performance of the information security system;
  • to systematically assess ongoing threat levels by analysing all attacks, weak points or natural disasters.
There are two types of service auditor reports. A Type I service auditor’s report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives. A Type II service auditor’s report includes the information contained in a Type I service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review.
 
All of this is performed in eleven areas defined by SAS 70 and which affect data security in enterprises and organisations. These are:
  1. Network Security
  2. Physical Security - Corporate Facilities
  3. Physical Security - Datacenter
  4. Environmental Security - Corporate Facilities
  5. Environmental Security - Datacenter
  6. Business Continuity and Disaster Recovery Planning (BCDRP)
  7. Logical Security
  8. Change Management - Internally Developed applications and solutions
  9. Change Management - Corporate wide infrastructure
  10. Computer Operations 
  11. Executive Tone and Senior Management Decision Making Processes
  12. Human Resources
  13. Customer Solution Design and Customer Contract Process

Host Up had to pass a strict audit to receive SAS 70 Type II data security compliance certification. The audit consisted of an in-depth analysis of our security and risk management system documentation, performed by independent auditors, who then demonstrated that the system has been properly designed and implemented to provide the highest level of data security in all of the eleven SAS-defined potential hazard areas surveyed by the auditors.

Issue of SAS 70 Type II certification does not mean that we can stop caring. AICPA auditors will frequently verify whether our system continues to conform to the requirements of the international standards.

What benefits does acquiring SAS 70 Type II certification bring?

Getting SAS 70 Type II certification is not just about acquiring some "paper". It translates into measurable benefits for Host Up:

  • we have gained the evidence that we guarantee real security, and this evidence is recognised by third parties;
  • we have gained a competitive edge - the quality of our services has been certified by a globally recognised authority;
  • we have lowered our costs and prices through an optimised security management structure;
  • we have made security an integral part of our business processes;
  • we have made our employees profoundly aware of security issues;
  • we have guaranteed the continuity of our business operations by conforming to world-class standards.
All of these advantages work for our customers too. They give you a basis to entrust us with your mission critical data.