All client data is stored by a hosting provider that has completed a SAS 70 audit. For IT governance, the SAS audits are based on the internationally accepted set of guidance materials from ISACA’s COBIT, which is designed to assist in the implementation of effective IT governance throughout an enterprise.
SAS 70 Overview
Service organizations, such as hosted data centers, insurance claims processors, and credit processing companies, provide outsourcing services that affect the operation of the contracting enterprise. The SAS 70 was developed by the American Institute of Certified Public Accountants (AICPA) as a simplification of a set of criteria for auditing standards originally defined in 1988.
Under SAS 70, auditor reports are classified as either Type I or Type II.
A Type I report presents the service organization’s description of controls at a specific point in time (e.g. June 30, 2003). The auditor evaluates the efforts of a service organization to prevent accounting inconsistencies, errors, and misrepresentation, and the likelihood that those efforts will produce the desired future results.
A Type II report not only includes the service organization’s description of controls, but also includes detailed testing of the service organization’s controls over a minimum six-month period (e.g. January 1, 2003 to June 30, 2003).
We also use Amazon’s S3 (Simple Storage Service) for the storage of documents (or any artifact such as pictures, Flash files, etc.).
We also require all job candidates to read and sign the EMPLOYEE PROPRIETARY INFORMATION AGREEMENT as a condition of employment; the agreement explicitly requires the protection of Third Party Information. We also do background checks on potential employees.