Aon eSolutions Successfully Completes SAS 70 Type II Examination  
  SEARCH: Sign In | Register | Contact Us | Site Map | Home  

SOX News

Aon eSolutions Successfully Completes SAS 70 Type II Examination

(March 24, 2008)-- Aon eSolutions, provider of global browser-based risk management information systems, announced it has successfully completed the SAS 70 (Statement of Auditing Standards No. 70) Type II examination, which was conducted by Ernst & Young, a global leader in assurance, tax, transaction and advisory services.

Aon eSolutions operates as a Software as a Service (SaaS) provider, offering Aon RiskConsole, its premier global risk management information system (RMIS), as a true on-demand browser-based solution. As a SaaS
provider, Aon eSolutions becomes a critical, integrated component of a client's information management strategy.

The SAS 70 Type II examination provides clients of Aon eSolutions with objective third-party verification that Aon RiskConsole meets exacting standards of security and a wide array of mission-critical internal controls, which have been exhaustively examined, documented, and tested by Ernst & Young.

SAS 70 Type II is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), which indicates that a service provider has undergone an in-depth
examination of its internal controls and security processes. In fact, the U.S. Securities and Exchange Commission (SEC) has designated SAS 70 as the acceptable method to confirm a service organization's internal controls.

"By successfully completing this examination, we have demonstrated our continued market leadership in establishing security and internal controls, and we have proven our commitment to maintaining the highest safeguards to support client efforts to comply with the Sarbanes-Oxley Act," said Kathleen Burns, chief executive officer of Aon eSolutions.

Under Section 404 of the Sarbanes-Oxley (SOX) Act of 2002, public companies are required to report on their controls to secure and protect sensitive information. As interpreted by SOX legislation, service providers
who host, manage, and process client information are viewed as extensions of the companies they serve, and therefore, must also meet rigorous control standards. As companies turn to SaaS providers for system needs, selecting a SAS-70 vendor is critical to SOX compliance.

Ernest & Young assessed Aon RiskConsole on the following processes, activities, and operational control objectives:

-- Program change management
-- Network and physical security
-- Authorized Internet access
-- Daily computer operations
-- Data backup and recovery of tape backups

Aon eSolutions can provide clients with a comprehensive Type II report, which not only includes a description of its internal controls, but also verifies testing of the design and effectiveness of these controls. The report verifies that the company has achieved operational excellence with the highest levels of security, reliability and predictability of systems.



Share or bookmarklet this web page at:



Google
Privacy Policy | Terms & Conditions | Support | Directory Links | Contact Us | Site Map | Home
Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.