FAQ - Using SOAPSonar for SAS 70 Compliance Testing

SOAPSonar provides the features needed to test the requirements set forth in SAS 70 (Statement on Auditing Standards (SAS) No. 70) per Service Organization Controls (SOC) level reporting.

Specifically, the following information can be obtained and validated:

SOC 2 Report— Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
SOC 3 Report— Trust Services Report for Service Organizations

Trust Services Principles

-- SOAPSonar provides an integrated WSDL scoring engine that performs detailed analysis of WSDL and schema to assess compliance with regard to message patterns and potential exposure to processing integrity risks.


-- SOAPSonar provides security testing across the following types of security validation: Threat Vector Vulnerability Assessment, Identity and Access Control testing, and Security Standards such as WS-Security Encryption, Decryption, Signatures, and Signature Verification.


-- SOAPSonar provides performance testing assessment, with latency and throughput analysis and profile management for concurrent users.

Processing Integrity

-- SOAPSonar provides several testing features to validate the enforcement (or lack thereof) of document integrity with regard to RFC protocol compliance, well-formed XML, and valid schema data types and structure.

Confidentiality and Privacy

-- SOAPSonar provides one-way and two-way SSL/TLS validation, WS-Encryption, WS-Decryption, WS-Signatures, and WS-Signatures Validation to validate privacy and confidentiality enforcement of service transactions.

