PaulDotCom mailing list archives

Re: Saas Vendors

From: Bob Hewitt <bob18360 () gmail com>
Date: Fri, 18 Feb 2011 11:46:39 -0500

You can request the basics, independent security audit w/ pen test,  as well
as a SAS70.

These will at least demonstrate you exercised due care.
On Feb 18, 2011 11:33 AM, "Andrew Anderson" <andycapp92 () gmail com> wrote:

My organization is currently looking at a web-based hosted solution to one
of our needs.

I am wondering what is the defacto standard with regard to Saas vendors

and

communicating the state of their security. My current assumption is that

in

the majority of cases, the client has no access to anything other than a
promise that the vendor is secure. Is that true?

Beyond informing management that they are in the position of having to
blindly trust the provider; I am looking for any advice as to ways of
gaining more comfort with a particular vendor that actually work / have
worked for you?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Saas Vendors Andrew Anderson (Feb 18)
- Re: Saas Vendors Bob Hewitt (Feb 18)
- Re: Saas Vendors Josh More (Feb 18)
- Re: Saas Vendors Juan Cortes (Feb 18)
  - Re: Saas Vendors MV (Feb 18)
- Re: Saas Vendors Mvharley2 (Feb 18)
- Re: Saas Vendors Mvharley2 (Feb 18)