Can Linux Pass the SAS70 Certification Tests? 1
One of the Infinite Number of Anonymous Coward asks: "Our company threw Linux to the curb because management decided that Linux would never be able to pass an SAS70 security audit. I do not think they even checked to see if this is really true. Does anyone know of or have experiance with SAS70 certified operations using linux? Is it possible?" What's involved with SAS70 certification where Linux (and other Unixen for that matter) may fall short?
SAS 70: Processing by Service Organizations (Score:2)
There's a summary [state.oh.us] by the Ohio State auditor. A CPA Journal article [luca.com] is more technically oriented.
I'm not aware of anything which is sensitive to any operating system. It's just a matter of having standards and procedures for all the hardware and software which is being used. A computer has to have controls over its maintenance, upgrades, and configuration. Those controls have to be formal enough for the auditor to be able to document them for the SAS 70.