The Statement on Auditing Standards (SAS) No. 70, for Service Organizations, developed by the American Institute of Certified Public Accountants (AICPA), is a widely recognized audit standard. SAS 70 Type II compliance is often related to Sarbanes-Oxley requirements.
The independent SAS 70 auditor produces two kinds of "Service Auditors Reports": Type I and Type II. Type I reports describe the organization's controls at a specific point in time (for example, January 1, 2010). Type II, a more thorough and comprehensive audit, includes the organization's description of controls as well as a detailed testing of controls over a minimum six-month period. Zak's certificate of destruction and thorough documented process provides a good audit foundation for SAS70 Type II requirements.
Zak's SAS 70 Type II compliant data security helps to address GLBA requirements.
