FRSecure Whitepaper

Comparing a SAS70 to an FRSecure ISO Assessment

Download the full report

SAS 70 vs. an FRSecure Enterprise Information Security Assessment is like comparing apples to oranges.

Which is better for you and your organization?

We are often asked about SAS 70s and information security. People are confused about SAS 70s, and how they relate to information security. We want to set the record straight, and arm you with the right information.

This whitepaper is written specifically for you, if:
• You have customers requesting a SAS 70 report,
• You want to address information security, and are considering a SAS 70 audit, and/or;
• You request a SAS 70 report from your business partners.


Before you go much farther, consider some important facts. There are many misconceptions about what a SAS 70 is, and what a SAS 70 is not. Let’s start out with what a SAS 70 is. SAS 70 is short for “Statement on Auditing Standards No. 70: Service Organizations”. The SAS 70 was originally intended to provide “guidance on the factors an independent auditor should consider when auditing the financial statements of an entity that uses a service organization to process certain transactions.” The original guidance, provided by the American Institute of Certified Public Accountants (AICPA) was written in 1992, and the popularity of SAS 70’s exploded after the passage of the Sarbanes-Oxley Act in 2002 (“SOX”).


Download the full report