RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Sender: Records Management Program <[log in to unmask]>
Date: Thu, 8 Feb 2007 16:53:30 -0600
From: "Allen, Doug" <[log in to unmask]>

There has been an on-going fairly active debate regarding whether ISO 17799 or SAS 70 might be preferable.... I'd not take a position, since in my view each has its own merits and limitations....  In order to avoid "SAS 70 bias".... here are a few pointers to criticisms.  I'd say that all of us in the RIM "business" (no, not industry.... but profession) are better off if we're well acquainted with each, and understand both the strengths and weaknesses of each.  

Here are those somewhat critical sites regarding SAS 70:

http://www.cfo.com/printable/article.cfm/8344746/c_2984409?f=options


http://www.systemexperts.com/tutors/sas70.pdf


also an article from the CPA Journal that includes a section relating to "problems with SAS 70"

http://www.nysscpa.org/cpajournal/old/13856815.htm


ISO 17799 also receives some criticisms related to its limitations and the rather rigid structure of that standard.  

In any event, I'd say that an organization that is able to verify that it either has an SAS 70 certification, or that is certified as meeting ISO 17799 may well be better off than one that is not..... and RIM managers should look at the specifics of an organization's compliance rather than merely accepting a statement at face value.

Just a couple additional thoughts on the topic......based on my year-old research effort.



Douglas P. Allen, CRM, CDIA+


 
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of Taina Makinen
Sent: Thursday, February 08, 2007 8:38 AM
To: [log in to unmask]
Subject: Re: [RM] SAS 70 Type 2 Audit Statements

Hugh Smith wrote:
>As promised yesterday, I would address this issue by asking a CPA and accounting firm to address these issues. [SNIP]

Hugh, that was fascinating! Many thanks to your contact for taking the time to provide such a detailed response.

In case anyone is interested, there is a table that compares elements of SAS 70 and ISO at http://www.sas70.com/faq/faq1.htm. NB: it doesn't specifically address recordkeeping.

Cheers,
Taina Makinen
Vital Records Specialist
Canadian Tire Corporation

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
