Xerox Global Services - SAS 70 audit attests to Xerox controls (PDF, 66 KB)
2 pages
English

Xerox Global Services - SAS 70 audit attests to Xerox controls (PDF, 66 KB)

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres
2 pages
English
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

Description

Capabilities BriefSAS 70 audit attests to Xerox controls.Strong focus on controls leads to SAS 70 report for Xerox.Xerox Global Services understands the They also met with Xerox employees tobest outsourcing solutions have to make discuss the relevant processing functionseconomic sense while also mitigating performed and the controls applied, andthe risk associated with data security, the audit was done on procedures for allregulation and technology. significant control elements, includingthose listed below:To that end, we are committed to continu-ously and proactively managing and main-Control Objectives taining controls within our businesses.So serious are we about delivering visible 4 Solution Implementationand measurable results that we continual-ly invest in exhaustive assessments of our 4 Data Integrity and Accessown internal controls, especially as they4affect our customers. Data Confidentiality4 Communications SecurityA brief definition of SAS 70.Statement on Auditing Standards (SAS) 4 Restricted System AccessNo. 70, Service Organizations, is an inter- 4 Billing Accuracynationally recognized auditing standarddeveloped by the American Institute of“Customers bank on our 4 Facilities Access and SecurityCertified Public Accountants (AICPA).people and technology to 4 Environmental ControlsA SAS 70 audit includes the auditing ofdeliver measurable results. 4controls over information technology and Information Security MonitoringSAS 70 reporting ...

Informations

Publié par
Nombre de lectures 196
Langue English

Extrait

Capabilities Brief
SAS 70 audit attests to Xerox controls. Strong focus on controls leads to SAS 70 report for Xerox.
“Customers bank on our people and technology to deliver measurable results. SAS 70 reporting gives our clients even more reason to have confidence in Xerox as an outsourcer.” Tom Hurysz, VP Operations and Delivery, Xerox Corporation
Xerox Global Services understands the best outsourcing solutions have to make economic sense while also mitigating the risk associated with data security, regulation and technology.
To that end, we are committed to continu-ously and proactively managing and main-taining controls within our businesses.
So serious are we about deliveringvisible and measurableresults that we continual-ly invest in exhaustive assessments of our own internal controls, especially as they affect our customers.
A brief definition of SAS 70. Statement on Auditing Standards (SAS) No. 70, Service Organizations,is an inter-nationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
A SAS 70 audit includes the auditing of controls over information technology and related processes. It represents that a service organization—in this case, Xerox Global Services—has been through an in-depth audit by an independent, external auditor.
Auditors scrutinized wide range of controls. The international accounting firm of PricewaterhouseCoopers conducted intensive on-site audits at the Xerox Imaging Services and Xerox Document Services Hosting Centers. To gain an understanding of the operations, auditors observed and followed the flow of transactions through the system.
They also met with Xerox employees to discuss the relevant processing functions performed and the controls applied, and the audit was done on procedures for all significant control elements, including those listed below:
Control Objectives
Solution Implementation Data Integrity and Access Data Confidentiality Communications Security Restricted System Access Billing Accuracy Facilities Access and Security Environmental Controls Information Security Monitoring Change Management Version Control Digital Archiving andBackup
This systematic investigatory process enabled an understanding of our frame-work for control and ways we effectively achieve specified control objectives.
® There’s a new way to look at it.
Precise auditing procedures followed. The PricewaterhouseCoopers review included specific procedures considered necessary to evaluate whether the controls, as described, were in operation at the time of the audit. These procedures included:
Inquiry—Performed inquiries seeking relevant information or representation from Xerox Global Services personnel to obtain knowledge and corroborating evidence regarding the control.
Observation—Observed the application or existence of specific controls as represented.
Inspection—Limited inspection of documents and records indicating existence of the control.
PricewaterhouseCoopers LLP conducted and delivered the SAS 70 Type I audit on controls over information technology and related processes.
Xerox customers drive the agenda. Such an in-depth report would not be useful to Xerox Global Services unless it described the controls that were of most interest to Xerox clients. While Xerox provided the list of controls for the third-party auditing, it was only after querying customers and prospects about what they looked for in an outsourcing partner.
In the case of communications security, for example, customers wanted assurance that data transmissions are complete, accurate and properly secured. The SAS 70 report provides this assurance.
Committed to high control standards. Xerox Global Services is already maintaining BS7799 registrations in Europe and is on schedule to achieve additional registrations in North America during 2005.
BS7799 is the most widely recognized security standard in the world. It is com-prehensive in its coverage of security issues, containing a significant number of control requirements. With BS7799 certification, the effectiveness of an organization’s security controls is monitored on an ongoing basis, providing the feedback necessary to continually improve.
The BS7799 certification, in addition to yearly SAS 70 reports, will provide Xerox Global Services customers with unprecedented levels of assurance regarding the quality of our controls.
For more information about Xerox Global Services and our commitment to SAS 70 reporting, visit www.xerox.com/globalservices
Leading companies recommend service providers with SAS 70. Companies deploying services audited under the SAS 70 standard can also use the report to support their annual documentation of information and financial reporting controls stipulated in Section 404 of the Sarbanes-Oxley Act.
“Given the critical nature of the business processes we’ve outsourced to Xerox, the SAS 70 audit gave us further comfort that our business was in the hands of professionals who take security and the safeguarding of information very seriously.”
Gene Roth, Corporate Purchasing and Supplier Diversity Manager, Enterprise Rent-A-Car
® ® © 2005 XEROX CORPORATION. All rights reserved. XEROXand There’s a New Way to Look at Itare registered trademarks of XEROX CORPORATION. All other brand names are trademarks of their respective owners. 03/05
  • Univers Univers
  • Ebooks Ebooks
  • Livres audio Livres audio
  • Presse Presse
  • Podcasts Podcasts
  • BD BD
  • Documents Documents