What is SAS 70, Type II Certification?*
The Statement on Auditing Standards No.70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA), allowing service organizations to disclose their control activities and processes to customers and customers' auditors in a uniform reporting format. A service auditor's examination performed in accordance with SAS No. 70 ("SAS 70 Audit") is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.

The Type II form of SAS 70 examination is the most stringent form, and includes rigorous tests by an independent auditor of specified controls in order to provide a measure of assurance that related control objectives were achieved.

Razorsight is a SAS 70, Type II Certified Company
Razorsight has been through SAS 70 audits in 2005, 2006 and 2007. Our most recent SAS 70, Type II certification was completed in May 2007. The company received the award after an extensive inspection and review of its infrastructure, security processes, data management policies and recovery procedures.

As a vendor to some of the largest communications and enterprise companies in the world, Razorsight is subject to extensive data security and process integrity requirements. SAS 70, Type II Certification is a reflection of Razorsight's commitment to ensure that our clients can use Razorsight's solutions and services with confidence, and to simplify client compliance with legal and audit requirements, especially related to SAS 55 and SOX 404.

• A Razorsight client can obtain a SAS 70 Type II Certification Report from Razorsight and receive a detailed description of Razorsight's controls and an independent assessment of whether the controls were placed in operation, suitably designed, and operating effectively.
• A Service Auditor's Report greatly assists client auditors in planning the audit of clients' financial statements, and simplifies the process of meeting with legal and audit requirements.
• Clients save on additional cost that they would have had to incur in sending their auditors to Razorsight to perform their procedures.

* Summary information provided on SAS 70 is based on AICPA's audit guide entitled "Service Organizations, Applying SAS No. 70, As Amended".