The SAS 70 audit is a popular examination of internal corporate controls. SAS 70 can be helpful in examining the quality of a potential business partner’s security controls. It can also be very damaging when it is misrepresented as proof of ironclad security. CSOs must read SAS 70 reports in the context of how they would establish their company’s controls and compare those to the service provider’s. A SAS 70 report may have plenty of material that has nothing to do with a company’s financial controls, experts say.”]
Source: https://www.csoonline.com/article/2119054/sas-70.html