SysTrust Certified Backup  
Free 24/7 Support @ 866.7.BACKUP Contact · Support · Billing · Clients · Partners
Why Back Up
Offsite?		 Backup Plans & Pricing Software
Features		 Backup
Data Security		 Corporate
Information
Why use RDB?
Data & system loss risks
Types of backup users
Regulatory Compliance
Data Protection Laws
Healthcare Backup
Accounting Backup
SysTrust Certified
Data Protection Act (UK)
Files to back up
Data Security White Papers - Remote Data Backups

WHITE PAPER:

SysTrust-Certified Accounting Backup
From Our Clients
QuickBooks POS logo
“This product is great! I’m already recommending it to my clients.”
— Karla J. Gulke, CPA
QuickTech Accounting

   > More Clients
   > More Testimonials

SysTrust Certified Backup

Our online backup system has been examined and SysTrust Certified by the independent accounting firm PriceWaterhouseCoopers.

   Free 30-Day Trial - Download Now
Sarbanes-Oxley Regulations >

SysTrust Certified BackupSysTrust is an assurance service developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

SysTrust: Who needs it and why

SysTrust Certification is critical assurance for any CPA, bank, lender or financial institution subject to an audit of their data security system. Failure to meet industry standards, or loss of data due to improper security data procedures, can result in penalties and fines of up to $1000 per infraction (customer).

A SysTrust Certification is designed to offer assurance to a broad audience—management, boards of directors, customers, and business partners—about the information systems that support a business or one of its segments.

In a SysTrust engagement, a CPA performs an examination or audit to evaluate the system’s reliability. A positive SysTrust report attests to the system’s reliability and ability to operate without material error, flaw, or failure during a stated period of time in a specified environment.

SysTrust tests system reliability according to four essential principles:

  1. Security
    The system is protected against unauthorized physical and logical access.
    Restricted data center access, bank-level encryption, private key.
  2. Availability
    The system is available for operation and use at times set forth in service-level agreements.
    Our data centers have over 99.99% avaiability for the past 8 years.
  3. Processing Integrity
    System processing is complete, accurate, timely, and authorized.
    Data is encrypted before it leaves the host, then transferred and stored in encrypted format.
  4. Maintainability
    The system can be updated when required in a manner that continues to provide for system availability, security, and integrity.
    Software and data center updates don't interfere with client backups and restores.

Certification process encompasses our general IT infrastructure, including:

  • Production data center and network operations
  • Server configuration and database administration
  • Storage management systems
  • Disaster recovery processes
  • System monitoring tools and processes
  • System security (both logical and physical)
  • Change management and common support processes.

Clients would be interested in a systems assurance examination for some of the following reasons:

  • Internal and external users can lose access to essential services because of system failures and crashes.
  • Systems can be vulnerable to viruses and hackers because of unauthorized system access.
  • System failure can result in loss of access to system services or loss of data confidentiality or integrity.
  • Negative publicity in the wake of high-profile system failures can undermine customer and investor confidence.

SysTrust standards also include 58 underlying criteria that establish the specific control objectives a system must meet to be considered reliable.

Why SysTrust affects data backup, and SAS#70 does not

Remote Data Backups elected to obtain a SysTrust Certification as is a more stringent data security standard than SAS70, and a more applicable compliance standard for online backup solutions.

Contrary to popular misconception, SAS 70 pertains to internal controls and practices within the company or organization to deliver accurate and truthful financial information to its clients, and does not specifically address the backup company that protects their data.

The Sarbanes/Oxley Act of 2002 requires financial institutions to furnish SAS-70 Reports to its customers as a way of assert the level of controls over their financial statements and assertions.

Differences between SAS 70 and SysTrust audit engagements

Criteria SAS 70 SysTrust
Nature of the engagement Provides a report on a service organization's controls related to financial statement assertions of user organizations. Provides a report on system reliability using standard principles and criteria for all engagements.
Pre-defined criteria? No. Yes.
Objective of the engagement Information sharing and assurance. Provides detailed information on the design of the system and controls, an opinion on the system description and controls, and the results of the auditor's procedures. Assurance on a system. No detail on the underlying control procedures is provided.
Types of systems addressed Systems that process transactions or data for the user organization Any system (includes third-party tools and services such as data backup).
Distribution of report Generally restricted to the service organization, user organizations, and prospective user organizations (internal). No restrictions (includes third-party tools and services such as data backup).
Audience for the report Service organizations, user organizations (i.e. customers), and auditors of the user organizations. Stakeholders of the system - the business or organization, i.e. owners, managers, business partners, shareholders, etc.
From v.2.0 of "AICPA/CICA SysTrust Principles & Criteria for Systems Reliability"
  © 1999-2010 Remote Data Backups, Inc. · 866.722.2587 24/7 · Top Bookmark and Share