> > I am not sure how this cerification would apply to hard copy storage,
> but
> > Iron Mountain was SysTrust Certified on March 23, 2007.
> >
> >
> a quick read of the AICPA link indicates to me at least that the
> SysTrust certification applies only to computer systems

And reading this makes me wonder how a services vendor could attain it (?)


 SysTrust is the accounting profession's answer to concerns relating to
system reliability. SysTrust is based on the Trust Services Principles and
Criteria, which constitute professional guidance as well as serving as best
practices for system reliability. Using these Principles and Criteria either
separately or in combination, CPAs can offer a range of advisory and
assurance services to help either clients or employers address their
security, availability, processing integrity, and confidentiality needs.

If it's the "accounting profession's answer to concerns relating to system
reliability" and by use of the stated principles "CPAs can offer a range of
advisory and assurance services", then what does that have to do with IM?
The FAQs indicate that it ensures a system meets the AICPA established
standards at the time a system was inspected, and that it must be
re-inspected annually to remain certified, but it also says that "CPA firms
whose owners are each members in good standing of the AICPA are eligible to
be licensed as providers of Trust Services."

So I'm a bit confused as to how a non-CPA firm can be SysTrust certified?

Larry Medina
Danville, CA
RIM Professional since 1972

List archives at
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]