    02/02/2009 - Welcome to HTLCNetwork


 





STATEMENT ON AUDITING STANDARDS N°70 (S.A.S.70)
 
 
The American Institute of Certified Public Accountants (AICPA) developed this standard to provide a higher level of control over the objectives, activities and information technology processes of medium and large enterprises, especially those hosting or processing data belonging to customers. It is also relevant to Section 404 of the US Sarbanes-Oxley Act of 2002, which is legally applicable in the USA only but has a worldwide impact because of the many multinational enterprises for which the law is mandatory if the company is listed on the stock exchange.
This situation must also be considered together with the fact that specific directives apply in the European Union, and these have taken effect in many EU countries through specific local laws.
Given the service and organizational structure of HTLC Network A.G., and because our activity originated in Italy, our Swiss entity, now the central one and located outside the EU, has also resolved to apply the guidelines of the EU directives, even though this is not mandatory, along with some procedures and principles already applied by our Italian entity, for example under Italian Legislative Decree 81/2008 on health and safety at work, or Legislative Decree 196/2003 on privacy and data confidentiality.

In detail, the main internal procedures that have been developed, or are being updated, are the following:

A. Environment control
  • Integrity and ethical values

  • Commitment to competence

  • Sole director and audit committee participation

  • Management's philosophy and operating style

  • Organizational structure and assignment of authority and responsibility

  • Human Resources policies and practices


B. Physical Security
  • Visitor access

  • Security systems (e.g. biometric hand readers, alarms)

  • Security staffing

  • Cameras and video surveillance


C. Environmental Security
  • Fire detection and suppression

  • Flood control

  • Redundant HVAC

  • UPS and generators

  • Emergency evacuation procedure


D. Computer Operations (Backup & Storage and System Availability)
  • Backup and restoration procedures

  • Automated backup systems

  • Backup performance monitoring

  • Offsite storage


E. Data Communications
    • Troubleshooting procedures
    • Escalation procedures
    • Disaster recovery procedures
    • Automated help desk ticketing system
    • Automated e-mail notification
    • Performance monitoring
    • Business continuity plans

F. Customer Access
    • Password policies and procedures
    • Operating system security controls
    • Database security controls
    • Redundant firewall system
    • Intrusion Detection System (IDS)
    • Vulnerability scanning
    • OptiView performance monitoring
    • Customer assistance
    • Secure connectivity

All our customers can be properly informed, on request and in detail, of the content of one or more of the above procedures. In addition, for full transparency regarding our I.T. system, we have a precise written guideline and a graphic informative file we have called ‘IT Vision’, which usually satisfies most of our clients.

As for certification of service quality, for a year now we have had work in progress toward ISO 9001 certification, related to data processing and management consulting activities, for which the ‘guidelines manual’ and about 45 folders of procedures have already been completed and are being checked. It is difficult to estimate when the work will be ready for certification to start, as legislation changes frequently and so do IT procedures, but we estimate that we should certainly be ready during 2010.

Under Swiss law, our company might be exempted from the obligation to be audited, but since the founding of the Swiss entity our choice has always been to be audited by an independent Swiss auditor, different from the Swiss chartered public accountant who takes care of the ordinary accounting management, also as an independent contractor. The audit reports and balance sheets are available on request to any customer.
A proper SAS 70 certification therefore does not exist for our company at present, and given the lean company structure compared to the business managed, it is probably not yet appropriate. We trust, however, that our policy of transparency and easy service testing with customers and internal resources, and, within our service structure, a genuine multi-professional sharing of know-how, will be, as it has been until now, our best business card.



Cham, 1/9/2008

Luca Martin

Sole Director

     



