Andrew Storms: SAS70 is a lousy IT standard at best because it offers everyone an easy way to pass a security audit when their programs deserve a failing grade. The flaws in SAS70 for IT are enormous, but the biggest has to be that it lacks a standard framework. SAS70 audits are a breeding ground for IT sleights of hand, Storms says. The time has come to get rid of it forever, he says, and customers to spend enormous amounts of time in due diligence.
Source: https://threatpost.com/sas70-needs-die-091012/76990/