Introduction ◾ 21
© 2011 by Taylor & Francis Group, LLC
should be approved by the auditing rm. In either case, consumers of an SAS
70 or other control-objective-based audit would be well advised to study the
control objectives contained in the report and base their assurance in the
report on the relevance of the control objectives for which the organization
was audited.
References
American Institute of Certied Public Accountants. 2004. Service Organizations: Applying
SAS No. 70, as Amended: AICPA Guide.
An Introduction to Computer Security: A NIST Handbook. October 1995. NIST Special
Publication 800-12. http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html
(accessed 8/1/03).
ASIS International. November 13, 2002. e General Security ...