Woodbury, NY— Continuity Centers, a provider of flexible disaster recovery solutions, successfully completed a comprehensive Type II SAS70 audit of all their disaster recovery services as well as their data center in Woodbury, NY. SAS70 (Statement on Auditing Standards No. 70), Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service auditor's examination performed in accordance with SAS70 represents that a service organization has been through an in-depth audit of their control objectives and activities, in areas such as physical security, environmental security, information security, data communications, data replication and backup and the recovery process.
The requirements of the Sarbanes-Oxley Act of 2002 make SAS70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting. SAS70 permits Continuity Centers to disclose their control activities and processes to their members and their members’ auditors in a uniform reporting mechanism. The audit ensures that all control processes have been audited and have met the standards of the SAS70 audit, providing Continuity Centers’ members with assurances of security, reliability and recoverability.
According to Mark Balog, CPA and CFO for Continuity Centers, “Being SAS70 compliant is an important one for Continuity Centers and our members, as it validates that we have implemented a high standard of controls and processes designed to ensure the security and confidentiality, and most importantly, the recoverability, of members’ data and business. This was an intensive review audit process which evaluated numerous control objectives designed to ensure that the large amount of data we store and transmit for our members is accurate, timely and properly recorded.”
Gregory R. Tellone, COO of Continuity Centers, speaks further about the SAS70 audit and how it is a positive asset for the company. “In today’s age of technology, being SAS70 compliant is not just a nicety, it’s required by many customers, specifically publicly held companies and financial institutions. While we felt our security and control processes were always of the highest standards, our growth into these two markets over the past year has required us to obtain SAS70 compliance. Most technology companies only audit their data center for logical physical security and environmental controls such as access, cooling and electric. That type of audit is adequate if they are only providing colocation services and want to ensure protection of the customers’ physical equipment, but is simply not enough for a company like ours who is intricately involved in protecting and recovering their members’ data and business. To show our members that we take data security and recovery seriously, we chose to audit all of our services, not just our data center. Furthermore, this illustrates that each and every one of our security and control processes, from the onboarding stage through recovery testing and full disaster recovery, have comprehensive controls in place and that have all been successfully audited according to SAS70 standards. The SAS70 level of self-imposed auditing allows the business community to feel supremely confident choosing us as their disaster recovery service provider.”, says Mr. Tellone.