What Nonprofits Should Look for in a SaaS Provider
Nonprofits must also insist upon working with SaaS providers that have completed a SAS 70 Type II audit of their controls and procedures to ensure maximum data security. In today’s business environment, service organizations and providers, such as SaaS vendors, must demonstrate that they have adequate controls and safeguards when hosting data belonging to their customers. In addition, Sarbanes-Oxley now mandates that CEOs and CFOs of publicly traded companies take personal responsibility for the effectiveness of internal control over financial reporting. As a result, the SAS 70 audit is a preferred method of providing assurance for service organization clients subject to Section 404 of Sarbanes-Oxley. Private companies do not face the same requirements — and subsequently, data safeguards — as public companies.