The appropriately named Sarbanes-Oxley Compliance Toolkit includes a whole range of materials specifically put together to both introduce, and take you through this most important of legislation.
As security is such a major theme on the Act, many organizations are using the international ISO standards. The ISO 27001 Portal outlines these. A copy of the standards, and security policies, can be obtained via the ISO 17799 Toolkit.
The SOX email storage requirements can be fulfilled using the
GFI MailArchiver
SOX Advertisers
Sarbanes What?
Our server logs indicate some interesting mis-spellings: Sarbannes Oxley, Sorbane Oxley, Sarbanne Oxley, Sarbaines Oxley, Sarbanesoxley, Sorbanes Oxley, Sabanes Oxley, Sarbane Oxley, and Sarbanes Oaxley, to name but a few!
Sarbanes-Oxley Act Forum: Forums
The Sarbanes Oxley Act :: View topic - SAS 70 Expiration Time?
Posted: Wed Dec 08, 2004 4:12 am Post subject: SAS 70 Expiration Time?
Denis wrote:
SAS70 reports are annual.
I knew, but does it mean, that if you have new SAS 70 report, old one
is "expired" or you'll need it yet as reference for the period, when old report was issued?
Joined: Nov 25, 2004 Posts: 787 Location: London, UK
Posted: Wed Dec 08, 2004 6:50 am Post subject:
I would be more inclined to think of a SAS70 like a set of accounts. They represent a period of 12 months up to the date of the report and are the most relevant information until a new report is issued. The old report doesn't expire as such it just becomes less relevant with time.
Posted: Tue May 17, 2005 9:18 am Post subject: SAS 70
More importantly PCAOB FAQs gave some guidance as to the use of SAS 70s. They stated that the age (time since issued) of the report is to be taken into consideration when looking to rely on the report for Internal Controls of an outsourcer.
The older the report, the more a company should do to verify that the controls surrounding an outsourced process have not changed. That is, the longer the time from issuance date, the greater probability that changes may have occurred that may impact the validity of the report.
The old reports should be retained to the extent that they were relied upon in your ICOFR assessments. They should be retained as long as you retain your SOX support (generally about 7 years). Each new report supports a different period of time. Match the report to the period of time you are assessing.
SAS 70 - It is a continuous process that management should
undertake annually to ensure the system of controls maintains
its integrity. _________________ George Lekatis
President of the Sarbanes Oxley Compliance Professionals Association (SOXCPA)
www.sarbanes-oxley-association.com
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Trademarks referenced on the SOX Act Forum are property of their respective owners. Comments are property of their respective posters. Sarbanes-Oxley Act Implementation Portal: Sarbanes Oxley compliance, information, software, & internal audit committee resources. Sarbox. Site source is copyright nuke (c)2003, and is Free Software under the GNU / GPL licence agreement. All Rights Are Reserved.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
