Why SAS 70 Certification Matters at Both the Data Center and the Application

3 min read

Automating key business processes may not be the first thing companies are thinking of when evaluating their compliance initiatives, but certainly the two go hand-in-hand. According to a recent study by AMR Research, 42 percent of respondents reported that streamlining business processes is a primary benefit of good governance, risk management and compliance practices. Sarbanes-Oxley (SOX) legislation has forced companies to implement greater internal controls.

Given the importance of this issue, shouldn’t technology vendors be required to deliver solutions that meet the highest professional standards for ensuring internal controls? Xactly thinks so. We have had Type II SAS 70 certification at our data center for some time and have extended this leadership position when we announced this week that Xactly Incent successfully completed a Type I SAS 70 audit.

By way of this achievement, Xactly Incent is the first independently validated SAS 70 on-demand sales compensation management application hosted in a SAS 70 Type II certified facility underscoring Xactly’s commitment to providing customers maximum assurances with regard to compliance with Sarbanes-Oxley (SOX) regulations and concerns over outsourced controls. SAS 70 refers to the American Institute of Certified Public Accountants Statement on Auditing Standard (SAS) No. 70 that defines the standards used by an auditor to assess the internal controls of a service organization.

But what’s important is not that Xactly is the only on-demand sales compensation management company that can claim its application and hosting facility are both SAS 70 certified. The critical point is that now companies can get automation and security without paying exorbitant enterprise software prices. The long-standing enterprise software company criticism that on-demand solutions are not secure is no longer viable.

Simply put, SOX is too important to be taken lightly. Companies can hold vendors accountable by engaging only those whose applications and hosting facilities have been certified SAS 70 compliant. Once again, Xactly has raised the bar by putting in place the most rigorous controls.