SAS 70 Type II and mortgage software hosting.
We received our updated SAS 70 Type II report today. I can now get this out to the banks and credit unions who host their mortgage software with us. Each year banking regulators come into their offices to check on the processes that are in place to protect client information. Other than a mortgage loan document I honestly don't know of a single document that contains more sensitive personal data on it. Banking regulators want to make sure that data is safe and secure. ABT has taken on the task of securing this certification ourselves.
We do not rely on our data centers. We engage a 3rd party auditing company who comes in and reviews our processes and environment. If a process does not hold up an exception report is created listing the items that need "fixing".
Note: The difference between SAS 70 and SAS 70 Type II is
- In a SAS 70, you document the processes you follow to safeguard data. Auditors review these documents.
- In a SAS 70 Type II the Auditors come in and review the actual environment. They review your internal testing and system reports. In other words you need to prove you do what you say you did in the SAS 70 Type I document.
We are pleased to finally have this latest audit completed and in hand...just in time for our client's regulatory reviews.
I hope you find this helpful, thanks for your time