Posts Tagged ‘SAS 70’

Data Security in Lavante Application

Wednesday, July 13th, 2011

There has been much press recently about websites being hacked, raising the security stakes for businesses that rely on the internet and SaaS-based systems. At Lavante we take data security very seriously, and continuously improve our processes and technologies to protect our customers’ and suppliers’ data.

Here are several concrete steps we have taken to address such security issues:

  1. SAS 70 Certification: Lavante has recently undergone SAS 70 Type II certification. Statement on Auditing Standards (SAS) No. 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It represents that a service organization has been through an in-depth audit of its control objectives and control activities, including controls over information technology and related processes. Lavante further underscored its commitment to data security and protection by migrating its hosting to a leading U.S. SAS 70 data center that provides state-of-the-art, secure, SAS 70 data center IT infrastructure. Lavante has always maintained the highest security and control of data, but the new Type II certification along with the move to this new facility provides additional guarantees that customer data is secure. You can find additional details at http://www.lavante.com/sas-70-certification.
  2. McAfee SECURE certification: Websites displaying the McAfee SECURE symbol are tested and certified daily to pass the McAfee security scan, which helps protect you from identity theft, viruses, spyware, and other online dangers. More details at https://www.mcafeesecure.com/RatingVerify?ref=connect.lavante.com. You will find a McAfee SECURE seal on our application login page.
  3. DigiCert certification: DigiCert® (http://www.digicert.com/) provides security to Lavante by enabling the encryption of data transmitted between Lavante and your browser during an encrypted SSL/TLS session (look for the padlock). DigiCert® has verified that Lavante controls its site/domain. Records reviewed by DigiCert® confirm Lavante to be an existing Entity/Organization at the time of the review. You will also find a DigiCert seal on our login page.
  4. Encryption of sensitive data: In addition to the above security measures, all sensitive data, such as passwords, tax identification and banking information, is also encrypted in the Lavante Supplier Information Management application.

This is a rapidly evolving area. I welcome your comments about any of these security measures and the related trends.


Lavante Responds to Customer Data Security Concerns with SAS 70 Type II Certification

Monday, June 27th, 2011

Last week marked an exciting moment for Lavante when we announced our SAS 70 Type II certification, continuing our forward momentum in developing and applying technology advances that benefit our customers. Statement on Auditing Standards No. 70, commonly abbreviated as SAS 70, is an auditing standard issued by the American Institute of Certified Public Accountants (AICPA).

Our SAS 70 certification began with identifying 27 key controls related to our software development and data access security processes. Those controls were then evaluated and tested by a third-party audit firm over a period of six months to ensure sustained performance. We are proud to have passed these tests and achieved the certification.

Our commitment to going through this long and rather arduous process came directly from our customers. After listening to their concerns around data security and SaaS applications, we felt it was a necessary step to take in order to assure them that we had the highest level of security for all data.

But the impact of this certification extends beyond our customers, out to the industry as a whole. There are two different ways for a company to demonstrate SAS 70 compliance – the first is to use a SAS 70-compliant data hosting center, the second is to certify internal controls and development processes.

While other service providers in our industry have relied on only the first type, using SAS 70-compliant data centers, we clearly heard from our customers that this just wasn’t good enough. They wanted further assurance that development controls were in place on all internal processes, validated through a third party, as SAS 70 does.

To fully answer these requirements, we not only met the data center SAS 70 requirement, but extended this to cover the critical internal part of the equation. I predict that other service providers in our industry will now go down this same road, and adopt similar certification of internal process controls. This will have a positive impact on our industry, by providing customers with further peace of mind and assurances that their data is secure.

In the end, I firmly believe that the future of our industry will flow directly through technology, providing intuitive applications that empower and enable people and companies to do more with less. As Lavante has demonstrated, most recently with our statement audit patent approval, we will continue to lead the way in innovation and deploying technology that provides the highest levels of security to our customers.

Please add your comments here about what you think are the most critical concerns around data security and SAS 70 certification.
