(WEB HOST INDUSTRY REVIEW) — Data center operator Core NAP (www.corenap.com) announced on Monday it has completed the Statement on Auditing Standard No. 70 Type II audit of its general controls supporting data center operations.
Performed by a nationally recognized independent auditing firm, the audit covered included Core NAP’s network monitoring, problem escalation and support services, as well as the general controls that support these activities.
The SAS 70 audit was established by the American Institute of Certified Public Accountants Statement, and is titled “Reports on the Processing of Transactions by Service Organizations”.
The audit defines the professional standards used by a service auditor to assess a service organization’s internal controls and issue a detailed report.
In order to complete the audit, Core NAP management developed control objectives for areas of internal control that support the company’s data center operations, including physical security, environmental security, network monitoring, problem escalation and support.
“Core NAP’s management understands the ever-increasing importance of corporate governance, as well as the impact of the organization’s services on our clients’ internal controls,” says Kenneth Smith, president and CEO of Core NAP. “The successful completion of the SAS 70 audit is only part of Core NAP’s continued commitment to maintaining a high level of internal control. To ensure ongoing adherence to the latest operational and data security standards, we have engaged our service auditor to undergo a Type II audit on an annual basis.”
The Sarbanes-Oxley legislation has placed an increased focus on the internal controls of business partners, the SAS 70 audit report is designed to provide Core NAP clients with a certain level of assurance relating the controls that are maintained by the company’s management.
Other companies to recently complete SAS 70 Type II Audits include i/o Data Centers, DataSite Orlando, New York Internet Company, REDPLAID Managed Hosting and Host.net.
The SAS 70 report addresses all five components of internal control outlined in Sarbanes-Oxley, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities.
