The Highest Security Standard
SAS70 vs. FISMA
The Highest Security Standard
For nearly 20 years, SAS 70 (Statement on Auditing Standards No. 70) has been the gold standard for proving the effectiveness of a consulting firm’s internal controls. The problem is that this standard was never designed to evaluate security and controls used by restructuring, class action, or mass tort consulting firms.
A SAS 70 audit, however, only verifies that the organization follows the controls and processes that are already in place. It does not set minimum standards for security or provide benchmarks to which service providers can be held accountable.
A SAS 70 audit is most meaningful when the auditor tests internal controls and procedures based on a specific framework or standards such as ISO 27001 / 27002, FIPS 200 or the AICPA Trust Principles. With each consulting firm selecting whatever scope and framework is most advantageous, a firm with weak controls and processes who has only their financial systems audited can claim the same level of audit as a service provider with strong controls and systems who has their notice and claims administration systems audited. The only way a user can tell the difference is to read through and compare the detailed audit reports -- but different standards make true comparisons between firms almost impossible.
While BMC Group meets the highest SAS70 requirements, recognizing the weaknesses in the SAS 70 standard, BMC Group adopted the more stringent Federal information security standards. Our comprehensive Federal System Test and Evaluation Report is even more detailed and thorough than your standard SAS 70 – and corresponds closely with SOC 2/3 and ISO 27002 standards. BMC Group Class Action Services has a current SAS70 Type I report, and is in the process of preparing for an audit under the new SOC 2 standards.
BMC Group Class Action Services maintains a site based FISMA-moderate authority to operate (ATO) from the Federal Trade Commission. This accreditation includes all of the systems, processes, and procedures needed to ensure the confidentiality, integrity and availability of the data that is entrusted to us. This includes full disaster recovery and business continuity planning.
More BMC Group Solutions
SmartRoom Virtual Data Room
BMC Group provides SmartRoom, a powerful cloud-based deal management solution, for due diligence, fundraising, M&A deals, post-merger integration, secure collaboration, restructuring, legal settlements, and medical records analysis. Learn More
BMC Group delivers proven bankruptcy and restructuring technology and services as a leading claims agent supporting asset sales, loan restructuring, bankruptcy contingency planning, legal noticing, claims administration, plan solicitation, and funds distribution. Learn More
Class Action & Mass Tort Services
BMC Group offers superior case administration management technology and support for pre-settlement consulting, legal noticing & class communications, claims management, and settlement fund distribution. Learn More
Medical Records & Clinical Trials
BMC Group provides a flexible online medical record management platform for securely sharing confidential information. With access to our network of highly skilled legal nurse consultants, BMC Group delivers in-depth medical record organization and analysis. Learn More