SAS 70 (Statement on Auditing Standards No. 70)

SAS 70 (Statement on Auditing Standards No. 70) is an auditing standard used to evaluate and report on a service organization's internal controls relevant to user companies' financial reporting. It ensures that a third-party provider, such as a data center or cloud service, has effective processes in place to protect data, ensure security, and maintain operational reliability. While SAS 70 reports were widely used before 2011, they have since been replaced by SSAE 18 and other standards, but the core goal remains: providing assurance to clients that the service provider manages controls appropriately.