What Nonprofits Should Look for in a SaaS Provider

SAS 70 compliance requires IT controls, such as database access, data transmissions, data backup and recovery, and application security; personnel controls, such as the logging of all access and activity, no user permissions to servers or data without specific procedures, and the logging of all access and activity; and financial controls, such as payable controls, consistent auditing of balances, and enforced role definition and separation.