SOX News

Core Services Receives SAS 70 Type II Certification for Fifth Consecutive Year

(Oct 25, 2007)-- Core Services Corporation, an award-winning Oracle Certified Partner, announced today that, for the fifth consecutive year, it has received a satisfactory report on selected IT controls, as prepared under the guidelines of American Institute of CPAs' Statement on Auditing Standards No. 70 (SAS 70). The "Type II" report, which is applicable to Core's hosting service business segment, will be issued by the New York-based accounting and consulting firm of Eisner LLP.

Core Services recognizes that Sarbanes-Oxley legislation has placed an increased focus on the internal controls, but views the audit report as a tool designed to provide Core's clients with a certain level of assurance regarding the internal controls consistently maintained by Core Services. The SAS 70 Type II report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities.

The SAS 70 Type II examination is widely recognized because it guarantees a service organization has undergone a review of various IT control activities. Issued by an independent accounting firm, the unqualified opinion of the SAS 70 report differentiates Core Services from many of its competitors by demonstrating Core's commitment to, and establishment of, well-designed and executed control objectives and related processes and procedures.

Bistis explains that passing an SAS 70 Type II examination is essentially a "price of admission" for applications service providers. "They provide clients with vital third-party assurance that a wide array of mission-critical internal controls have been exhaustively examined, documented, and tested," says Bistis. "This certification confirms that our processes and procedures meet the highest standards, support the secure, effective delivery of our services, and can withstand the scrutiny of independent accountants. This is an important distinction from some of our competitors who only have their collocation landlord's data center facilities examined. In those situations, there is no assurance that SAS 70 Type II criteria apply to an ASP's internal processes, procedures, and controls at all, potentially posing a significant risk to its clients."

Coupled with increased regulatory mandates and guidelines for businesses, SAS 70 Type II examinations have been propelled to the forefront of business test practices and will continue to be part of Core Services' ongoing security and process documentation discipline.

Share or bookmarklet this web page at: