Santa Clara, Calif., September 6, 2005 OpSource, the SaaS expertssm, announced that it completed a service auditor’s review, commonly known as a SAS 70 audit, of the general controls supporting the Optimal On-Demand and Optimal Enterprise services. The audit was completed in July, 2005, and performed by a nationally recognized independent auditing firm that is registered with the Public Company Accounting Oversight Board (PCAOB). The SAS 70 report addresses all five components of internal control outlined in the Sarbanes-Oxley legislation, namely the control environment, risk assessment activities, control activities, information and communication systems and monitoring activities.
“It is an absolute requirement that our SaaS delivery partner has Type II SAS 70 controls in place, because, for certain clients, we are contractually obligated to comply with Type II SAS 70,” noted Guy Hilbert, vice president, KANA, a leading provider of Service Resolution Management (SRM) solutions. “Needless to say, we are pleased that OpSource maintains such high standards. A well-run operation with established procedures is of paramount importance to us, as it assures us flawless delivery, audited results and excellent service levels.”
OpSource’s management understands the ever increasing importance of corporate governance, as well as the impact of its services on the client’s system of internal controls. “OpSource’s successful completion of this audit demonstrates our commitment to quality and the importance we place on being a trusted service provider,” stated Treb Ryan, CEO, OpSource. “Sarbanes-Oxley legislation has placed an increased focus on the internal controls of business partners such as OpSource. The SAS 70 audit report verifies the valuable role that OpSource plays in the control environment of our clients’ on-demand software applications. The report provides a certain level of assurance regarding the controls that are maintained by OpSource within our on-demand infrastructure. The structure of the report was very intuitive and will be well-integrated with our clients’ Sarbanes-Oxley compliance programs.”
The successful completion of the 2005 SAS 70 audit is only part of OpSource’s continued commitment to maintaining a high level of internal control. OpSource has engaged its service auditor to a long-term contract whereby OpSource will undergo a Type II SAS 70 audit on an annual basis.
About the SAS 70 Audit Process
SAS 70 is an acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standard (SAS) No. 70, titled “Reports on the Processing of Transactions by Service Organizations”. SAS No. 70 defines the professional standards used by a service auditor to assess the internal controls of a service organization and issue a service auditor’s report.
To complete the audit, OpSource management developed control objectives for the significant areas of internal control that support the general controls surrounding the Optimal On-Demand and Optimal Enterprise services. The control objectives in the 2005 report addressed each of the following areas:
Control Environment
Physical Security
Environmental Protection
Computer Operations
Information Security
Data Communications
Customer Access Controls
OpSource’s service auditor performed extensive testing of the control activities that have been implemented by OpSource to help ensure that its control objectives have been met. Following a rigorous examination, the auditing firm was able to state, without qualification, that:
The description of the controls prepared by OpSource presents fairly, in all material respects, the relevant aspects of OpSource’s controls that had been placed in operation as of July 31, 2005;
The controls were suitably designed to provide reasonable assurance that the specified control objectives would be achieved if those controls were complied with satisfactorily; and
The controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the review period of January 1, 2005, to July 31, 2005.
About OpSource
OpSource, a leader in enabling Software as a Service (SaaS), provides cost-effective, turnkey solutions for software companies that need to quickly add or grow SaaS products and revenue. Optimal On-Demandsm, a comprehensive and scalable offering built on the company’s patent-pending OptiTech Services Enginesm, meets the growing need for software companies to deliver SaaS quickly, without the inherent risk and investment in a costly services infrastructure. Optimal On-Demand includes application management, end-user support, 24×7 systems management, hosting and networking, security, disaster recovery, change management, and more, as well as optional consulting services to help software companies work through the business model, code, and operational issues associated with SaaS. Optimal On-Demand is provided under the software company’s brand and priced per unit, on-demand, delivering immediate and ongoing ROI.
Headquartered in Santa Clara, CA, OpSource has additional operations in the Los Angeles, New York City, Denver, Chicago, and Washington, D.C. metro areas, as well as international offices in London and Bangalore. For more information about OpSource, visit the company’s web site at opsource.net.