• About BWise
  • The Company
  • Mission and Values
  • Growth and Strategy
  • Message from the CEO
  • Management
    • Luc Brandts, CTO
    • Tonny Boerboom, COO
    • Rob van Straten, Senior VP Sales EMEA
    • Joseph LeBas, President North America
    • Robert Pijselman, CEO
    • Supervisory Board
  • Career Opportunities
  • BWise Blog
  • BWise GRC Library
• Industries
  • Energy & Utilities
  • Financial Services
  • Insurance
  • Manufacturing
  • Pharmaceuticals & Chemicals
  • Services
  • Other industries
• GRC Challenges
  • Convergence of GRC
  • Continuous Monitoring
  • Corporate Governance
  • IT Governance
  • Regulatory Compliance
    • Basel II
    • Bill 198
    • Bribery Act
    • FERC & NERC
    • MAR
    • MiFID
    • SAS 70
    • Solvency II
    • SOx
    • Turnbull
  • Financial Governance
  • Operational Risk
  • Enterprise Risk
  • Internal Audit
  • Sustainability Performance Management
  • Corporate Social Responsability
  • Process Standardization
  • Soft Control Testing
• Solutions & Services
  • GRC Software Platform
  • GRC Software Components
    • Compliance Management
    • Continuous Controls Monitoring
    • Corporate Control
    • ERM Dashboards
    • Internal Audit
    • Internal Control
    • Loss & Incident Database
    • Policies & Procedures
    • Process Management
    • Risk Analysis
    • Risk Assessments
    • Sustainability Performance Management
  • GRC Software Templates
    • Basel II
    • COBIT™
    • IT Control & UCF
    • MAR
    • MiFID
    • SAS 70
    • Soft Control Testing
    • Solvency II
  • Implementation Methodology
  • Business Consulting
  • BWise Academy
• Customers
  • Customer References
    • Aegon
    • AG2R LA MONDIALE
    • Ahold
    • DSM
    • FMP
    • France Telecom
    • Headwaters
    • Robeco
    • Roche
    • SwissLife
    • TNT
  • Customer events
    • NL Customer Summit 2010
    • DACH Customer Summit 2010
    • North American Customer Summit 2009
    • French Customer Summit 2009
    • North American Customer Summit 2008
    • Trustday 2008
• News & Events
  • Events
  • Webinars
  • News
  • Articles
• Partners
  • Partner Program
  • Overview Partners
• Contact
  • Support
  • Offices

SAS 70 & SSAE 16 Template

Service organizations are, at times, companies that provide outsourced services that impact the control environment of their customers. It is vital that service companies provide their customers with a reliable statement on the management of controls at the customer. SAS 70, and the new initiatives that replace it ISAE 3402 and SSAE 16 is recognized around the world as a label of quality for a service organization.

There are two types of service auditor reports:

• Type I
A Type I SAS-70 internal control report states the proper design of all relevant controls. A Type I certification is the most basic certification.

• Type II
A Type II SAS-70 internal control report not only states the proper design of controls, but also that all controls are operating effectively. The Type II certification is the most advanced SAS-70 certification.

Best practice for SAS 70 compliance

BWise Governance, Risk and Compliance (GRC) management software enables the arrangement of internal controls and their assessment as required by SAS 70. Based on best practices, BWise provides a foundation for the proper design of an internal control framework. The resulting framework further enables a service organization to identify relevant risks and controls in the organization. BWise also provides an integrated assessment component to validate the description and design of these controls. Assessments can then be recorded and compiled in the BWise solution, ultimately resulting in a Type I internal control report. The BWise SAS-70 solution also has the ability to validate the effective operation of controls in the service organization, providing results for a Type II internal control reports.

ISAE 3402 and SSAE 16

BWise can not only assist an organization with its Type I and Type II service auditor reports, but can also assist with and enable the requirements of ISAE 3402 and SSAE 16. The BWise GRC platform can help in the creation and development of a service organization’s description of its system, the written assertion to accompany that description and the organization’s identified risks that could threaten the achievement of its controls objectives; all as required by the new initiatives ISAE 3402 and SSAE 16.

Benefits

Using BWise and the SAS 70 template, compliance with all internal control audit requirements are accomplished in the most cost effective and efficient way. Audits can be performed rapidly and efficiently, with all required information readily available, saving substantial audit costs. In addition, BWise offers a completely integrated GRC software platform, with components that can not only assist with internal controls, but also with risk management and embedding governance and compliance processes into your organization.

To find out more about all the products from BWise, please click here.