EasyStreet Online Services

9705 SW Sunshine Ct
Beaverton, OR 97005
(503) 646-8400
(877) 567-3279
Email EasyStreet

Tech Support

(503) 906-7400
(800) 207-0740
Email support

EasyStreet SAS 70 FAQ

What is SAS 70?

The Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).

The SAS 70 audit report allows a service organization to provide its customers with independent third party verification regarding the state of internal controls that govern the services provided to its user organizations.

A SAS 70 audit can only be performed by an independent Certified Public Accounting (CPA) firm. CPA firms that perform SAS 70 audits must adhere to specific professional standards established by the AICPA.

Why is a SAS 70 audit important when choosing a data center services provider?

A service auditor's examination performed in accordance with SAS No. 70 indicates that a service organization has been through an in-depth audit of their control environment, which includes controls over information technology and related business processes.

What is meant by an “unqualified opinion?”

At the conclusion of a SAS 70 audit, the service auditor renders an opinion on the following:

Whether the service organization's description of controls is presented fairly.
Whether the service organization's controls are designed effectively.
Whether the service organization's controls are placed in operation as of a specified date.
Whether the service organization's controls are operating effectively over a specified period of time. (Type II only)

When the service auditor concludes that the above items have been accomplished, the service auditor renders what is referred to as an "unqualified opinion.” While a SAS 70 audit is technically not a "pass" or "fail" audit, the receipt of an unqualified opinion from the service auditor is often referred to as "passing" the audit. (Reference: http://www.sas70.com/faq/)

The audit process may uncover control exceptions or deficiencies. When this occurs, the service auditor will “qualify” the opinion to indicate that a control objective could not be achieved. Fortunately, EasyStreet received an unqualified opinion and “passed” on our first audit.

What is the difference between SAS 70 Type I and Type II audit report?

A Type I report describes the service organization's description of controls at a specific point in time. A Type II report not only includes the service organization's description of controls, but also includes detailed testing of the service organization's controls over time.

In addition, a Type II audit generally tests controls more robustly — the report indicates they have been “inspected” rather than just “inquired.”

Which auditing firm performed EasyStreet’s SAS 70 Type II audit?

After reviewing several potential firms, EasyStreet hired Linford & Company LLC of Denver, Colorado, to perform the audit.

Does this mean EasyStreet is SAS 70 certified?

Although often claimed erroneously, there is no SAS 70 “certification.” It is only correct to say that a service organization “has passed” or “has received an unqualified opinion on” a SAS 70 audit.

May I have a copy of EasyStreet’s SAS 70 audit report?

EasyStreet customers and prospects can request a copy from their Sr. Account Manager. They must sign a standard Nondisclosure Agreement (NDA) before receiving a printed or digital copy of the report.