What is SAS-70?
In 1992 the American Institute of Certified Public Accountants (AICPA) developed the Statement on Auditing Standards Number 70 (SAS-70) for evaluating service organizations. The SAS-70 report is an in depth assessment of a service organization's controls, safeguards and activities which is performed by an independent auditor.

What types of companies should undergo SAS-70 audits?
SAS-70 audits are beneficial to any service organization which provides outsourced services to another organization. These audits are especially important to service organizations whos offerings are considered mission critical. It is often the case when a user organization is being evaluated or undergoing its own internal audits, the user auditor will require the service organization to turn in a SAS-70 report generated by the service organization's auditor.

Why does Net Access Corp. (NAC) undergo a SAS-70 Type II audit?
The Senior Management of Net Access Corporation chose to perform an annual SAS-70 audit because it ensures that both the policies and procedures (controls) that the deparment managers have put in place, meet or exceed the generally accepted best practices of the industry, and that these controls are being tested on a regular basis. The audit process affords them an extremely detailed view into the day-to-day operations of the business, which helps them to identify and rectify any weakness in controls. As the data used to complete the SAS-70 Type II audit comes from data collected over a period of time it ensures that every employee is following every policy to the letter every time. Regular auditing ensures no employee is taking short cuts which may jeopardize the security or stability of the service environment.