“DriveSavers is the only data recovery service provider in the industry who is SAS 70 Type II compliant. With more than 8,000 business partners worldwide serving the financial, healthcare, government and corporate business sectors, it’s absolutely essential for our customers to know that DriveSavers can protect the integrity of their data.”

Michael Hall, CISO, DriveSavers

About the Goetsch Associates SAS 70 Type II Audit:

SAS 70 Type II Certification ensures industry-leading data security for organizations with stringent information security policies. To maintain its SAS 70 Type II compliance year-to-year, DriveSavers undergoes annual audits of its internal data hosting and processing controls. These annual audits are conducted by control-oriented professionals from Goetsch Associates, an independent firm with experience in accounting, auditing, and information security. At the end of each annual audit period, a successive six-month “look back” audit begins, and an updated report is generated reflecting the dates for which records were reviewed.

The report below was generated from the six-month documentation review period conducted during the most recent audit of our data hosting and processing controls. The six-month documentation “look back” period is reflected in the dates on the report posted here (e.g., June 1, 2009 thru May 31, 2010). DriveSavers continues to maintain its SAS 70 Certification throughout the year.

Goetsch Associates SAS 70 Type II Audit Report

See all Proof of Certification categories

Cover	Page 1
Page 2	Page 3

“The audit turned out great, this is one of the cleanest audits I’ve ever seen. Congratulations!”

Kurt L. Goetsch, CPA, Senior Partner
Goetsch & Associates, CPAs PLLC

Benefits of Working with a SAS 70 Certified Data Recovery Service Provider

The SAS 70 audit differentiates DriveSavers from all other data recovery service providers in the industry today.

SAS 70 Type II compliance verifies our qualification to handle secure enterprise-class recoveries, and support corporate customers who must maintain compliance with data privacy and data security regulations such as HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley Act of 2002), GLBA (Gramm-Leach-Bliley Act of 1999, and ISO 27000).

SAS 70 Type II compliance assures our customers and partners that only authorized data recovery engineers have access to their personal and confidential data. Once the recovery process is complete, data is stored on our secure network until the integrity of the recovered data is verified. Custom solutions are offered for recoveries on encrypted files and drives. Data is protected during transit to and from our facility. Should instant access of the recovered data be required, data is transmitted via a secure FTP site. Secure and permanent data destruction is available upon request.

SAS 70 Type II certification is mandated by many of our data recovery customers:

• Publicly-traded companies who must comply with the Sarbanes-Oxley Act of 2002 through a SOX audit for SOX compliance
• Companies with legally-protected customer information, such as financial institutions
• Businesses that must protect health information (HIPAA)
• Universities with protected student information (FERPA)
• Loan originators and credit rating agencies and their providers (FCRA, GLBA)
• Providers of services involving eCommerce (WebTrust, PCI)