SAS Type 2 Audit 2808

  • All,
    I have a client which is a PCI certified Service Provider.
    But now some of their clients are asking for SAS 70 Type 2 certification. I would appreciate if anyone can answer the following questions:

    1. What critical areas would be covered in a SAS 70 type 2 audit?
    2. Considering that client is already PCI certified, would it help the client to expedite the SAS 70 certification process?
    3. The scope of SAS 70 testing would be the whole processing environment which handles credit card and PII data, how long would it take to be SAS 70 type 2 compliant?
    4. The organization is a Level 1 service provider with 50 staff members, so you can imagine it’s a small organization, what will be the estimated cost of the SAS 70 type 2 audit?
      I would appreciate if you could answer the above questions at your earliest convenience.
      Best Regards,

Log in to reply