Esize now also has SAS 70 type 2 certification

Procurement solutions provider Esize has received the SAS 70 type 2 quality statement from its external auditor BDO Audit & Assurance. SAS 70 type 2 is an internationally recognised standard that provides an assessment of the effective and long-term operation of internal control measures. The certification is the result of a successful audit where BDO has checked whether the Esize organisation has put into practice all processes and audits in accordance with the regulations. Esize was already issued with an SAS 70 type 1 statement at the end of 2010 that describes the internal audits of the organisation. Esize is offering its customers certainty about the quality of the services and the guarantee that the internal processes and procedures have been appropriately designed and are being checked through this certification.

Security
Esize decided last year to complete an SAS 70 certification process after having inventoried its customers because the market sets ever higher standards with regard to the quality of services. The organisation is demonstrating that it has a sound and transparent process for the sale, delivery, service and development of its software solutions by attaining SAS 70 certification. 

Esize has grown considerably and has welcomed a large number of leading customers the past few years. The optimisation of services has always been important. Especially considering the sensitivity of the data of the procurement process of its customers and the fact that Esize offers its products based on Software as a Service (SaaS), it is most certainly essential that the internal processes lead to a stable and secure solution.

"We are proud that we have completed the certification process successfully," says Paul van Rietschoten, Esize Commercial Director. "The security of the application is essential to us and our customers. We, therefore, continuously work on the optimisation of security where we seek advice from external specialists. We are demonstrating to our customers that we control our processes and risks appropriately by obtaining SAS 70 certification. We also have this explicitly verified by an external party. This gives our customers certainty."

SAS 70 statement
SAS 70 stands for Statement on Auditing Standards number 70 and is a quality label for organisations supplying services. SAS 70 provides assurance regarding the correctness, completeness, timeliness and reliability of processes and control measures. But it especially indicates which control mechanisms have been verified, what has been tested and what has been found. The report is a detailed definition of the full SAS 70 exercise that has been performed. SAS 70 has been developed by the American Institute of Certified Public Accountants (AICPA). It is an internationally recognised auditing standard.

SAS 70 consists of two steps. Esize was first issued with a type 1 statement, which means that all processes have been described, that the control mechanisms that are contemplated are present and that they have been set up correctly to attain control objectives. After six months, an audit was performed on the effectiveness of the described control mechanisms to arrive at the set control objectives. This resulted in a type 2 statement.