Statement on Auditing Standards (SAS) 70, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit is widely recognized because it represents that a service or outsourcing organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes. In today's global economy, service organizations or outsourcing providers must demonstrate that they have adequate controls and safeguards when they handle data belonging to their customers. In addition, the requirements of the Sarbanes-Oxley Act of 2002 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) make SAS 70 audit reports even more important to the process of reporting on effective internal controls at service organizations.
SAS 70 is the authoritative guidance that allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format. A SAS 70 audit signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm.