You can request the basics, independent security audit w/ pen test, as well as a SAS70.
These will at least demonstrate you exercised due care.

On Feb 18, 2011 11:33 AM, "Andrew Anderson" <[email protected]> wrote:
> My organization is currently looking at a web-based hosted solution to one
> of our needs.
>
> I am wondering what is the de facto standard with regard to SaaS vendors and
> communicating the state of their security. My current assumption is that in
> the majority of cases, the client has no access to anything other than a
> promise that the vendor is secure. Is that true?
>
> Beyond informing management that they are in the position of having to
> blindly trust the provider; I am looking for any advice as to ways of
> gaining more comfort with a particular vendor that actually work / have
> worked for you?
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
