SAS 70 Type II Compliance
Statement on Auditing Standards No. 70, commonly referred to as SAS 70, is an auditing statement developed by the American Institute
of Certified Public Accountants (AICPA). SAS 70 is designed to allow auditors to review the controls* established by service organizations.
Independent auditors review the control objectives and activities to ensure the controls are valid and enforced
*A control is a method used to ensure a policy and/or procedure established by a service
organization is followed
Capax Global's SAS 70 Type II controls are as follows:
- Datacenter Access / Security
- Data Storage
- Customer Information Security
- Change Procedures of Hardware / Software
Locations & Disaster Recovery (DR)
- East Coast & West Coast
- DR site available at additional cost
Physical Security
- Ballistic-rated exterior, including doors & windows
- Double Man Traps force double verification and provides extra secure datacenter entry
- Redundant off-site monitoring of all security systems
- Locked Cabinets and Cages
Power & Cooling
- Power and cooling configured in 2N model
- Redundant Backup Battery Systems
- Diesel-Powered Generators
- Rigorous, Regular System Testing
Connectivity
Internal
- Multi-Gig Network Backbone with over 5.6Gbps bandwidth
- Multiple network providers built in for point-to-connectivity
- Redundant DNS Servers
External
- 100Gbps Juniper Firewall
- Multiple ISPs (Level3, Time Warner Telecom, Savvis, RCN, GNAP, and
MCI/Uunet.) with redundant diverse paths to external connections
- 45Mbps Internet bandwidth burstable to 100Mbps as needed with room
for expansion to 1Gbps if needed