LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: SAS 70 Audit
From:	Larry Medina <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Mon, 29 Nov 2010 15:53:22 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (28 lines)

On Mon, 29 Nov 2010 , Angie Fares <[log in to unmask]> replied:

>If an SAS-70 Audit has not been performed, then we would look for an
>alternative certification that indicates informed independent third
>party review of control processes in the service provided.  For example,
>if a shred provider did not have a SAS-70 Audit on file, then I would
>ask for NAID certification.
>

I think it would be critical to find out what NAID "certified against". 
They have their own practice documents but they aren't 'standards', so is it
really a 'certification' or simply a review?  

Does it relieve you as a service provider to a client of any obligations? 
Would they (in this case, NAID) be willing to go to the mat for your client
if there was a problem?

SAS-70 is pretty strict in its criteria, so I don't know if you can really
accept "SAS-70 Lite" in lieu of the real deal.

Larry
[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US