Sidebar: SAS 70 Standard Helps Bankers Evaluate Outsourcers

By Lucas Mearian

April 11, 2005 12:00 PM ET

Recommended

(4)

Digg

Twitter

Share/Email

Computerworld - MEMPHIS -- Corporate IT organizations are increasingly turning to the SAS 70 auditing standard to ensure that outsourcers comply with various government IT regulations.
SAS 70, or the Statement on Auditing Standards No. 70, was developed by the New York-based American Institute of Certified Public Accountants. It can be used to ensure internal compliance and that vendors abide by the rules, executives said.
Chicago-based Northern Trust Corp. uses the SAS 70 format to evaluate whether large outsourcing vendors are compliant with various government regulations, such as the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act, said Katy Hurst, global disaster recovery director at the bank.
Northern Trust has beefed up its effort to scrutinize current and potential outsourcing partners because regulators have made it clear that "outsourcing relationships are subject to the same risk management practices" as those used in-house, Hurst said at the American Bankers Association's Bank Outsourcing Forum here last week.
First Horizon Bank also spends "considerable time" performing internal audits and using the SAS 70 certification standard to ensure that the IT operations of its outsourcers are compliant with privacy laws, said Patrick Ruckh, First Horizon's chief technology officer.
William Henley, an examination specialist at the Federal Deposit Insurance Corp., urged the banking executives to go beyond using SAS 70 as a checklist for outsourcers and called on IT units to undertake their own vigorous due-diligence processes.

Read more about management in Computerworld's Management Knowledge Center.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

IT Management

Additional Resources

Microsoft

DirectAccess and UAG: Better Together

Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.

Microsoft

Case Study: Energy Firm Tightens Protection, Simplifies IT Work

Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.