Articles

Is your time and attendance service provider SAS 70 certified (Statement on Auditing Standards No. 70)? The SAS 70 auditing standard was created to make sure that an organizations control objectives and control processes surrounding their information technology are effective, sufficient, and carried out by the employees. It has become more important since the Sarbanes-Oxley Act of 2002, specifically Section 404, and is commonly required for companies providing external IT services to organizations that participate in SOX audits.

There are two types of SAS 70 compliance - Type I and Type II. Type I compliance is an audit of the control processes that are written and an opinion of these processes are sufficient to control the IT systems in place. The more stringent Type II compliance is a demonstration of the controls in the Type I. This usually entails the auditors verifying the controls are being used effectively with an onsite audit.

PeopleNet has been SAS 70 Type I certified for 4 years and Type II certified for over 3 years. During this time we have gained valuable knowledge about streamlining our operations to minimize the “red tape” that SAS influenced processes typically has in a service organization. This allows us to react and solve problems quicker, expedite the roll-out of new features and implement new customers faster than most companies that are certified. We have even automated many of the requirements into our supporting tools and applications. Focused on empowering our front line employees, who have direct contact with the customers, we have integrated SAS 70 requirements into the level of service that our customers are accustomed to and that we pride ourselves in giving.