News
Press Release
November 23, 2009
Core NAP, the most flexible data center solutions provider in Central Texas, today announced that it has completed a service auditor’s review, commonly known as a SAS 70 audit, of its general controls supporting data center operations. The scope of the audit, which was performed by a nationally recognized independent auditing firm, included Core NAP’s network monitoring, problem escalation and support services, as well as the general controls that support these activities.
SAS 70 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) No. 70, titled “Reports on the Processing of Transactions by Service Organizations”. SAS No. 70 defines the professional standards used by a service auditor to assess a service organization’s internal controls and issue a detailed report. In order to complete the audit, Core NAP management developed control objectives for the following areas of internal control that support the company’s data center operations: physical security, environmental security, network monitoring, problem escalation and support.
“Core NAP’s management understands the ever-increasing importance of corporate governance, as well as the impact of the organization’s services on our clients’ internal controls,” said Kenneth Smith, president and CEO of Core NAP. “The successful completion of the SAS 70 audit is only part of Core NAP’s continued commitment to maintaining a high level of internal control. To ensure ongoing adherence to the latest operational and data security standards, we have engaged our service auditor to undergo a Type II audit on an annual basis.”
Because Sarbanes-Oxley legislation has placed an increased focus on the internal controls of business partners, the SAS 70 audit report is designed to provide Core NAP clients with a certain level of assurance regarding the controls that are maintained by Core NAP management. The SAS 70 report addresses all five components of internal control outlined in Sarbanes-Oxley, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities. The structure of the report is designed to be incorporated well with clients’ Sarbanes-Oxley compliance programs.
Core NAP’s service auditor performed extensive testing of the control activities that have been implemented by Core NAP to help ensure that control objectives were met. The testing allowed the service auditor to opine on the following:
• Whether the description of the controls prepared by Core NAP presents fairly, in all material respects, the relevant aspects of the Core NAP’s controls that had been placed in operation as of September 30, 2009
• Whether the controls were suitably designed to provide reasonable assurance that the specified control objectives would be achieved if those controls were complied with satisfactorily
• Whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the review period of April 1, 2009, through September 30, 2009.
Following this rigorous examination, the auditing firm was able to issue an unqualified opinion regarding each of the areas described above.
