In February 2010, CariNet passed the stringent auditing controls necessary for a SAS 70 certification, as determined by NDBLLP, an independent accounting and auditing firm.
CariNet’s Certification Statement
We have examined the accompanying description of general controls supporting CariNet’s cloud computing platform in San Diego, CA. Our examination included procedures to obtain reasonable assurance about whether
(1) the accompanying description presents fairly, in all material respects, the aspects of CariNet’s controls that may be relevant to user organization’s internal control as it relates to an audit of financial statements;
(2) the controls included in this description were suitably designed to achieve the control objectives specified in the description, if those controls were complied with satisfactorily, and user organizations applied the controls contemplated in the design of CariNet’s controls; and
(3) such controls has been placed in operation as of February 4, 2010.
The control objectives were specified by management of CariNet. Our examination was performed in accordance with standards established by the American Institute of Certified Public Accountants (AICPA) and included those procedures we considered necessary in the circumstances to obtain a reasonable basis for rendering our opinion.
—NDB Accountants & Consultants, LLP
What is SAS 70?
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service auditor’s examination performed in accordance with SAS No. 70 (“SAS 70 Audit”) is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting.
For additional information please visit http://www.sas70.com