Is your SaaS system in line with SOX compliance requirements?
Adoption rates for Software as a Service (SaaS) have grown exponentially in the past few years,
and with reason. A SaaS vendor can help companies implement software more quickly and less
expensively than IT systems that require local installs. Many SaaS products also allow universal
access and real-time updates. The benefits of SaaS systems are numerous, but one overarching
concern has hampered the potential for universal SaaS adoption: data security. Many businesses
are uncomfortable with trusting their internal data to an external location and relying on a
SaaS vendor’s infrastructure to keep information safe from corruption and theft. In addition,
there are legal implications involved with storing company data off-site. Sarbanes-Oxley
Act (SOX) compliance requirements stipulate that a company is fully responsible for its own
data, regardless of whether the data is stored on-site or entrusted to an outside vendor.

So how do you maximize the benefits of SaaS while minimizing the risk of data issues or legal
trouble?

SaaS and data security

There is a major misconception related to SaaS -- that it’s more vulnerable than internally stored
data systems. While it’s true that SaaS data can be compromised, it’s more accurate to view SaaS
security threats as “different” rather than “more extensive.”

In fact, in-house storage systems may be less secure than your average SaaS software. Whereas
the SaaS vendor’s business model is built on data storage and security, these considerations are
incidental for many other businesses. Also, consider the fact that in-house solutions require
constant upkeep and maintenance, which the average IT personnel might have difficulty
completing. Good SaaS vendors can eliminate this problem by offering regular updates and
knowledgeable maintenance in the event of a malfunction.

SOX compliance requirements are the concern for most publicly traded companies, particularly
when it comes to financial data storage. The reason for this is very simple: A company’s signing
officers are responsible for fair and complete financial statements to remain SOX compliant. If
there is a discrepancy between reported and actual data, they could face severe punishments, up
to and including jail time.

Obviously, if such a company is considering external data storage that has any relation
whatsoever to financial information, it’s going to require assurance that the data is secure.
Fortunately, there are ways to check for that security and determine the trustworthiness of
potential SaaS vendors.

SAS 70: A cure for the common corruption

If a company uses a SaaS vendor, that vendor should be required to submit a SAS 70 audit
report. The SAS 70 report demonstrates the accuracy and completeness of a vendor’s internal
controls. Further, it can obviate a company’s physical audit of said vendor, saving time and
money.

There are two types of SAS 70 audits: Type I and Type II. The Type I audit determines the
adequacy of a SaaS vendor’s internal controls, and whether or not they have been fairly and
completely described. Type II audits look at the same controls but take it further by testing them.
A Type II audit is much sounder and may even be required by a company’s own auditors. But
many vendors begin with a Type I audit and then undergo a Type II audit should the need arise.
A company should examine the sensitivity of data being stored with a SaaS vendor, and then
determine what type of audit is preferable. If it makes more sense, the company can conduct a
Type II audit later.

A SAS 70 report is an excellent method of evaluation, but it isn’t a substitute for a solid contract
between a company and a SaaS vendor. In addition to making sure that auditors accept the
report, a company must determine that the report has been read and understood.

When it comes time to solidify a business relationship, a company might want to consider some
of the following stipulations in the SaaS contract:

       Advance warning of system notifications, along with set time requirements and who
       must be notified.
       Uptime percentage guarantees.
       Notification of outages, including a resolution plan and timetable.
       List of backup procedures.
       Tech support policies and procedures.
       Physical security procedures.
       Device and media controls.
       Use of system monitoring tools.

Take these security measures into account, and SaaS should not pose a more significant threat
than on-site data storage. If you have the opportunity to introduce SaaS systems into your
organization, it is certainly worth the examination to determine the extent to which it can
streamline your company. Odds are it will match up with some or all of your data needs.

Reference Link: http://searchcompliance.techtarget.com/tip/Is-your-SaaS-system-in-line-with-SOX-compliance-requirements
