January 1, 2007
Siennax becomes the first IT company in the Netherlands to attain the Statement on Auditing Standard number 70 (SAS -70) type 2 certificate, awarded by the accountancy agency Deloitte.
During a period of some six months, Deloitte assessed all of Siennax’ procedures, processes and systems, before concluding that the firm complies with the standards established by the American Institute of Certified Public Accountants (AICPA).Pursuant to the Sarbanes Oxley (SOX) legislation that came into force in July 2002, all firms listed on the American exchanges have to demonstrate that they have implemented suitable monitoring and management measures to vouch for the accuracy of the financial performance figures published.
This calls not only for the introduction of checks and balances, but also means of demonstrating that said measures and checks are effective. The conditions imposed under Section 404 of this Act in particular apply to the management of information technology, wherever it may have an impact on the reliability of financial reporting. The repercussions of this legislation are that the auditors may not suffice by solely examining intent or the presence of manuals - as is the case with ISO 9000-certification, for instance – but has to actually establish that the measures have been implemented effectively. In fact, this responsibility even extends to (sub-)processes that have been subcontracted to third parties.
The SAS 70 certification provides the client with security that effective management measures have been implemented for the subcontracted sub-process. The need for SAS - 70 type II certification is also recognised in the Netherlands, as the Netherlands Authority for the Financial Markets (AFM) confirms that an SAS 70 certificate provides security when subcontracting one’s processes and infrastructure.
Generally speaking, the attainment of SAS 70 type II certification is a long drawn-out process. ‘At Siennax, however, the SAS 70 certification was awarded fairly swiftly, as the firm has been Trust Services certified since 2003,’ according to Rob Stout, a partner at Deloitte, ‘all of the basic requirements for the SAS 70 type II certificate were therefore already in place.’
‘To us, SAS 70 certification was the next logical step’, the CTO of Siennax, Michiel Steltman explained ‘as we bear a huge responsibility in the execution of major processes for our clients both in Europe and the US, and therefore also manage vast quantities of business critical data. We are keen to offer our clients full transparency with regard to the management of such information.’
The SAS 70 statement:
The SAS 70 statement is available to Siennax clients for internal auditing purposes. The report in question provides detailed insight into the matters investigated and the improvements implemented during the six-month auditing period. ‘The SAS 70 is an absolute must, if we want our clients to take us seriously as an enterprise ASP’, according to Frits Veltink, CCO of Siennax. ‘Whether the data in question comprises a major bank’s global personnel files, all of a large retailer’s purchase data, or another large bank’s on-line payment transactions, we do have to are ask them to place it all outside their firewalls. This is where SAS 70 certification proves useful in assuring clients that the management of such data is safe in our hands.’
About Siennax:
During the course of the past nine years, Siennax has established itself as one of Europe's leading enterprise ASPs. Siennax supplies a range of solutions for the support and execution of processes in the field of training, e-commerce and purchasing. In addition, it places its eco-system for ASP services to software suppliers keen to offer their products as a service. Siennax is Europe’s sole Trust Services-certified Service Provider, which has also been SAS 70 type II certified since the close of 2006. This serves as an external guarantee to clients and other interested parties that Siennax’ systems and processes are suitably secure and that all of the necessary IT-controls are both available and effective in providing assurances in the field of integrity and availability. Siennax is proud that its client base includes the following organisations: ABNAMRO, ING Bank, SNS Reaal, Netherlands Ministry of Public Works & Water Management, ABZ, ASML, Maxeda, Petco, PCM, Wolters Kluwer, Sanoma, Leroy Merlin, REWE, COOP and the Royal Dutch Notaries’ association (KNB).
Established in 1998, Siennax’ shareholders include its management and workforce, as well as a number of major institutional investors, such as Prime Technology Ventures, Favonius and Capital-C Ventures. Siennax has a current workforce of around 70, employed at its offices in Amstelveen, Frankfurt and San Diego.
Further information on Siennax can be found at www.siennax.com
T: +31(0)20 547 8000
E: pr@siennax.comThis e-mail address is being protected from spam bots, you need JavaScript enabled to view it
For further information on SAS 70 (II), please consult:
http://www.sas70.com/