SAS-70 vs. ISO9000

Published: 22nd June 2009

How often have we wondered what the difference is between getting a SAS-70 audit done and getting an audit under ISO 9000? This is a common question for CEOs of service organizations who are contemplating obtaining a SAS-70 audit report. To answer it, we need to understand the differences between the ISO 9000 and SAS-70 standards. SAS-70 is an auditing standard issued by the American Institute of Certified Public Accountants (AICPA). It governs and sets the guidelines for how disclosures are to be made on the efficiency and effectiveness of internal control procedures at a service organization with respect to the processing and handling of data belonging to customers. ISO 9000, on the other hand, is a set of standards issued by the International Organization for Standardization. These standards are technical standards to safeguard consumers and users of services and products. ISO 9000 is a set of pre-defined standards which must be met in order to be certified 'Pass' by ISO, in total contrast to SAS-70, which is not itself a pre-defined set of standards that a service organization needs to 'pass'.



SAS-70 requires the service auditor to examine the internal control procedures and practices in use at the service organization and, after the necessary evaluation, to issue an independent opinion detailing the controls in practice at the service organization. Depending upon the type of audit assignment, the opinion may or may not include how the tests were conducted to arrive at it. It is the responsibility of the service organization to spell out the descriptions of the internal control objectives and the control activities which are of interest to the user organizations and their auditors for completion of their respective audits.



ISO certification by independent auditors requires that the organization has met the standards set by the ISO and has a system of quality management in place which meets the ISO 9000 family of standards as far as the way in which the organization controls its workings. The ISO lays down the standards to be met but does not dictate how they are to be met.

Chad Hubbard also writes for System Disc on such topics as I/O Device Error and Technology vs Life.
