Compliance

NaviSite is strongly committed to third-party validation, standards and certification of the policies and procedures we use to maintain our customers’ applications and underlying IT infrastructure. We also understand the importance of helping our clients address their own regulatory requirements. To these ends, NaviSite maintains several certifications and services to effectively address our customers’ needs.

SAS 70 Type II Audit

NaviSite has successfully completed the SAS 70 (Statement on Auditing Standards No. 70) Type II audit. SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit is widely recognized because it represents that a service organization has been through an in-depth audit of its control activities. NaviSite’s controls were created using ITIL best practices in information technology and security. The systems and processes evaluated in this audit include security monitoring, change management, problem management, backup controls, physical and environmental safeguards, and logical access.

SAS 70 Type II audit compliance should be included in every organization’s checklist when evaluating outsourcing vendors. In addition, by hosting with NaviSite, our customers may be able to leverage NaviSite’s SAS 70 Type II audit standard to help reduce their own external testing costs for Sarbanes-Oxley 404 compliance. In addition to the required SAS 70 audit requirements, NaviSite also conducts semi-annual voluntary audits for more than 100 internal control points.

Addressing Other Regulatory Requirements

NaviSite provides services to both public and private companies across a variety of industries. As a result, we have a strong history of working with clients to implement IT services that help address a wide range of regulations affecting their particular market segments.

In concert with our SAS 70 Type II audit, NaviSite may also be able to deliver IT services that help you address requirements including:
- Sarbanes-Oxley
- Payment Card Industry (PCI) Standards
- Gramm-Leach-Bliley Act (GLBA)
- California Security Breach Information Act
- U.S. Department of Homeland Security
- Health Insurance Portability and Accountability Act (HIPAA)
- European Union Data Protection Act / Safe Harbor
- SEC Rule 17a-4