CAPS Completes SAS 70 Audit

Connecticut-based Computer Alternative Processing Sites (CAPS), Inc., an IT infrastructure solutions provider to large enterprise organizations and small and medium businesses (SMB), announces the completion of the 2011 service auditor’s review of its General Controls Supporting the Remote Backup and Recovery Hosting Solutions.

A nationally-recognized independent auditing firm handled all phases of the review, commonly known as a SAS 70 audit, encompassing the April 1, 2010 to March 31, 2011 period.

The annual SAS70 Type II audit is part of CAPS’ corporate responsibility to provide a consistent high level of internal control. "Our clients expect our systems and internal controls to meet and / or exceed their own internal governance specifications," said Peter J. Messina, senior vice president and chief operating officer of CAPS. "This need takes on even greater significance, with the many governance changes on the horizon. Clients come to CAPS for the reliability and stability we offer them, as well as the accompanying peace of mind."

SAS 70 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) No. 70, titled Reports on the Processing of Transactions by Service Organizations. SAS No. 70 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report.

In order to complete the audit, CAPS management developed control objectives for the significant areas of internal control, which support the General Controls Supporting the Remote Backup and Recovery Hosting Solutions.

The control objectives in the Year report
addressed each of the following areas:

• Physical Security
• Environmental Protection
• Network Monitoring, Problem Escalation and Support
• Data Communications
• Client Setup

CAPS’ service auditor performed testing of the control activities that have been implemented by CAPS, to help ensure that our control objectives are met.

CAPS management recognizes that The Sarbanes-Oxley Act (SOX) and The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules legislation has placed an increased focus on the internal controls of valued business partners. The SAS 70 audit report is designed to provide clients with a certain level of assurance regarding the controls that are maintained by CAPS management.

The SAS 70 report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems, and monitoring activities. The report’s structure is intuitive; its design enables it to be incorporated well with clients’ SOX and HIPAA compliance programs.

CAPS SAS 70 Type II facilities serve large enterprise and SMB clients operating within the northeast states forming the Boston-New York metro business corridor. Colocation, Managed Services, Data Backup, Workstation Facilities for Disaster Recovery / Business Continuity, and Notification Communication Systems are among the services offered by CAPS.