...
For CenterBeam, a San Jose, Calif.-based IT outsourced services company, the decision to pursue SAS 70 Type II certification was an easy one, according to Eric Arnold, vice president of security, engineering and operations.
First, clients expect it and second, it allows them to provide clients with the value-add of taking on the responsibility of a least a portion of their customers’ compliance requirements.
“We had one customer who brought in an army of guys, including their auditors. They were loaded for bear,” said Arnold. “I asked them to show me their SOX (Sarbanes Oxley) criteria for the audit and, after going through it line by line, I came up with a matrix of three things we could do for them” that encompassed consultative, enabling and providing roles. “If you imagine a line with two end points, where one end is empty and the other is full, that’s the SOX criteria. We were able to cover the first third.”
The entire process took CenterBeam about two months and 25 hours a week of Arnold’s time, but he said the ROI is more than worth the effort and expense. For starters, the certification has enabled the company to close deals that were otherwise out of reach, and they realized an improvement in overall productivity.
Finally, said Arnold, who still spends about 15% of his month working with auditors from client companies, the SAS 70 lets him respond quickly to those requests. “Before we had certification … it was a nightmare.”
