Niki Neese, VP Account Management
As I have discussed in previous newsletters, we have incorporated a compliance topic into the Quarterly System Review that we perform with your financial institution, the main objective being to present you with information on the latest compliance trends that we see throughout our customer base. Our goal this year is to incorporate topics that address the latest IT trends, goals and challenges for financial institutions and give you the tools and suggested solutions to help meet these common challenges.
What I’ve seen in the field is that many of my clients have considered the challenge of ensuring that their institution has an effective vendor management program in place. A crucial component of an effective vendor management program is a thorough review of SAS 70 documents.
The SAS 70 is an important vendor management control tool that can be used to assess the adequacy and effectiveness of the vendor’s security controls. At a minimum, the SAS 70 Report should contain:
- The Auditor’s Report
- A Description of Controls
- Auditor’s Test, Findings and Exceptions
We have created the flow chart below to help evaluate SAS 70 reports. As a refresher, it is important to review all critical vendors and rank them based on their operational and GLBA risk.
Your Safe Systems Account Manager is available to help guide you through SAS 70 reviews, and if you need further assistance, the Safe Systems Compliance Department is available as well. Additionally, please contact your Account Manager if you are interested in receiving a copy of Safe Systems’ SAS 70.