Larger managed service providers and hosting providers continue to bang the drum for SAS 70 Type II, a standard for auditing service organizations. But I wonder: How many MSPs want — and need — to jump on the SAS 70 bandwagon? Here are some thoughts.
A few days ago, Pilgrim Software Inc. of Tampa, Fla., became the latest managed hosting service provider to achieve SAS 70 Type II certification. And on May 1, SAS 70 will be a key session topic at MSPWorld, a conference hosted by the MSPAlliance in Orlando. Dan Holt, CEO of HEIT, an MSPmentor 100 company, is scheduled to host a session titled “Is SAS 70 Right for Your MSP?”
For HEIT — which serves a range of financial services customers — SAS 70 makes perfect sense. HEIT’s web site notes:
“To show our clients that HEIT’s internal controls are sound and effective, an American Institute of Certified Public Accountants (AICPA) firm completed a Statement on Auditing Standards No. 70 (SAS 70) Type II review in addition to the FFIEC Information Security Audit.”
The Big Picture On Small MSPs
But should smaller MSPs — which don’t necessarily have data centers or internal NOCs — care about SAS 70? In many ways, yes. I think the standard remains an important consideration for MSPs that are seeking to partner with external hosting partners and NOC operators.
Indeed, MSPs need to make sure their hosting and NOC partners have rock-solid controls in place. Demanding SAS 70 Type II certification is one way to gain peace of mind — or at least one way to help mitigate business risk to you and your customers.
Want more information? A range of CPAs and consultants can perform SAS 70 audits for MSPs. Simply Google “SAS 70 Auditors” to get a feel for some options and frequently asked questions. Or, check in with industry associations. The MSPAlliance, for one, has indicated that it will launch some sort of SAS 70 program for its association members during the MSPWorld conference.
MSPmentor is updated multiple times daily. Don’t miss a single post. Subscribe to our Enewsletter, RSS, Webcast and Twitter feeds.
Read More About This Topic
Share This Post
Posted In: Certification
Tags: | HEIT CEO Dan Holt | MSPAlliance | MSPAlliance SAS 70 | MSPmentor 100 | Pilgrim Software Inc. | SAS 70 Auditors | SAS 70 Type II
Interact: Add a Comment | Trackback Link | Permalink
Subscribe: RSS Feed
Update: As expected, the MSPAlliance announced its SAS 70 audit strategy at MSPWorld. The announcement includes a relationship with SAS70 Service, which performs audits.
Online Tech is a Managed Data Center Operator and we recently completed our SAS 70 audit for all three of our data centers here in Michigan. We made the move because a number of our MSPs and hosting partners needed SAS 70 compliance to serve their customers which are public companies.
With our SAS 70 audit in place, our clients can now position themselves as running from a SAS 70 data center – in fact we even created a SAS70 logo for our partners to leverage in their marketing.
We also just wrote an article on our experience – “5 Tips for Surviving a SAS-70 Audit” – see – http://www.onlinetech.com/resources/enews/marchenews/
Mike: Thanks for the update on SAS 70, and the 5 tips. Please let us know in a few months whether the audit has helped to generate new revenue opportunities for your business and/or helped to keep current customers loyal.
Hi Joe –
We have already closed several new deals based on having the SAS 70 audit in place and retained a very large client that required it to server one of their public companies.
The SAS 70 was a lot of work and a significant commitment of time, energy and $$. It has paid good dividends for us. As a note, we have over 50,000 square feet of data center space, so this may not make sense for smaller data center operators.
Mike: As I sit in my 150-square-foot office, I certainly see why SAS 70 differentiates your 50,000-square-foot data center from rival MSPs and service providers. Thanks for sharing your story.