
Thread: SAS 70 Compliance

  1. #1
    ayushgarg, Junior Member (Join Date: Nov 2005, Posts: 2)

    SAS 70 Compliance

    Is SugarCRM SAS 70 compliant? If yes, Level 1 or Level 2?

  2. #2
    johnol, Sugar Community Member (Join Date: Apr 2005, Posts: 30)

    Re: SAS 70 Compliance

    SAS 70 is problematic at best. I have several companies, one that deals in financial services. SAS 70 is an accounting standard - not a regulation. It is important to understand this. What has happened is that many (not saying you) are using SAS 70 as a way to shirk their own due diligence responsibilities to find platforms and suppliers that offer appropriate security.

    Bear in mind, it is critical to not only look at Sugar itself, but the environment in which it will be run to determine if it meets the SAS 70 requirements. For instance, where will it be hosted? Have those providers / systems passed SAS 70?

    My point is that SAS 70 is not a panacea but the accounting world loves it because it generates great income for them.

    And this is the real issue. SAS 70 certification is EXPENSIVE. Yet, I can compare, for example, two web hosts, one who passed SAS 70 and one who chose not to participate. The one that *didn't* participate is actually more financially stable and has better security controls than the one which did. But it is only after personal due diligence that this was uncovered.

    Bankers especially try to focus on SAS 70 as the end-all, be-all of certifications - and are really pushing for it. But in the end I explain to my clients what I said at the beginning... it isn't a Federal standard, nor is it a requirement of Sarbanes-Oxley, the GLBA, or anything else. It is simply an accounting standard / certification that is very expensive to obtain and not necessarily meaningful.

    As for Sugar, I have not seen anything to suggest that SugarCRM has submitted itself to SAS 70, but I don't think you should let that stop you from seriously considering its deployment and use. I have documented examples of data integrity issues with folks like NetSuite - and so far Sugar has been quite reliable.

    To anyone reading this who isn't familiar with SAS 70 but wants to learn more, please view this article: http://www.csoonline.com/read/110105/sas70.html

    -John

    www.progresspays.com
