more-arw search

Q&A Forum

Do cloud vendors have SAS 70 or the new SOC 1,2,3 internal control reports to provide to firms assessing a move to cloud?


Topic Expert
Sumit Kalra
Title: Practice Leader
Company: BPM CPA
(Practice Leader, BPM CPA) |

SAS 70 standard has been replaced with SSAE 16 as of June 15, 2011. It will be one of the three reports (SOC 1, 2 and/or 3) depending on the type of services the Cloud vendor is providing.

Hall Mark
Title: Owner
Company: Small business
(Owner, Small business) |

Statement on Auditing Standards No.70 (SAS 70) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) in 1992. It is used to report on the "processing of transactions by service organizations", which can be done by completing either a Type I or a Type II audit. A SAS 70 Type I is known as "reporting on controls placed in operation", while a SAS 70 Type II is known as "reporting on controls placed in operation" and "tests of operating effectiveness". Service Organization Control (SOC) Reports, effectively known as SOC 1, SOC 2, and SOC 3 Reports, are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service. Service Organization Control (SOC) Reports are effectively replacing the long-standing Statement on Auditing Standards No. 70 (SAS 70). These new Service Organization Controls (SOC) reports address the evolving issues about SAS 70 and provide a more effective framework for providing assurance of controls in a service organization. These are based on technical standards of Statement on Standards for Attestation Engagements (SSAE) No. 16 and Trust Services, both adopted recently. SOC-1 is related only to ICFR, SOC-2 is related to controls over security/systems and privacy, and SOC-3 is related to controls over the same.
For more information, click here –

Products and Companies

Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email [email protected] to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.