Why SAS70 matters for file transfers

When it comes to maintaining tight custody and control over your data when handled by online service providers, you need the upmost assurance that those parties conform to the highest possible internal control standards. For this purpose, selecting a company that is SAS70 certified will ensure they have reached a high standard in operational effectiveness and security.

SAS70 matters because it is an internationally recognized auditing standard for service companies. Service companies often handle outsourced services for other companies, creating a need for verifiable standards. The SAS70 standard was created by the American Institute of Certified Public Accountants with the goal to report on how transactions are processed by service companies. Companies are assessed on 5 elements of internal control, including; Control Environment, Risk Assessment, Control Activities, Information/Communication and Monitoring. To reduce the possibility of conflict of interest, the audit is performed by a 3rd party. Finally, Type II audits are performed over the course of 6 months rather than on a particular date in time (i.e., Type I).

Through Sarbanes-Oxley the SEC has created even more demand for SAS70 audits. Section 404 of the Sarbanes-Oxley Act of 2002 informs us of “the need for management of a corporation to establish effective internal controls and contain an assessment, as of the end of the most recent fiscal year, of the effectiveness of the internal control structure and procedures for financial reporting.” This inclusion has led to the popularization of the SAS70 standard as the de facto security standard for networking and data centers.

We are proud to report that all SendThisFile data centers are 100% SAS70 type II certified. Such a certification ensures compliance with Sarbanes-Oxley and reinforces our dedication to security and control. This is an achievement that few of our managed transfer competitors claim.