Synygy Concurs With Research, Urges Potential Software-as-a-Service Customers to Investigate Security and Privacy Details

Top Quote Purpose of SAS70 Audit Often Misunderstood and Misused, Research Finds. End Quote
  • (1888PressRelease) July 20, 2010 - Synygy Inc., the largest and most experienced provider of sales performance management (SPM) solutions, today announced its agreement with a key research firm's findings regarding SAS70 and how SAS70 certification is often being improperly used as evidence that effective security and privacy practices are being properly followed, when in actuality SAS70 certification falls far short of such proof and is often misunderstood and misused.

    According to Gartner, Inc.'s June 25, 2010 research publication 'SAS70 Is Not Proof of Security, Continuity or Privacy Compliance' by Jay Heiser and French Caldwell, procurement professionals and others seeking information on IT services or software should "be suspicious of any vendor that claims its SAS70 report is "proof" that the company is secure or compliant with some standard."

    "Synygy has for many years completed the SAS70 Type I and Type II auditing processes so that our clients could feel comfortable with our internal controls and procedures," said Mark A. Stiffler, president and CEO. "However, Synygy has gone much further, especially with ISO/IEC 27002 compliance and the use of third-party security experts that are continually testing and refining our controls to make sure that we remain compliant with ISO/IEC 27002 standards."

    The Gartner report suggests reference checks, on-site visits, and other methods of assessing the strength of security and privacy controls in addition to SAS70 certification and also lists other standards more appropriate for assessing risk.

    "Unlike most software-as-service providers, Synygy owns and operates its own data centers, which allows our clients and prospects to bring their data security teams and auditors to meet our technology executives and personally assess our facilities, business continuity measures, and security practices," Stiffler added. "We also have a dedicated full-time staff with CISSP certifications that manage information security and business continuity planning. All of these things together go much further in protecting the security of our clients' information than any of the other providers of SPM solutions."

    For more information on Synygy's data centers and information security, visit For more information on Synygy's sales performance management software and services, visit

    About Synygy
    Synygy is the largest and most experienced provider of sales performance management (SPM) software and services. These include SPM solutions for: sales compensation management (incentive compensation; rewards and recognition; and total compensation); sales communications management (sales portals; reports, dashboards, and analytics; and analyses, alerts, and answers); sales goal management (territories and channels; quotas and objectives; and pipeline analysis and forecasting); and sales process management (recruiting, evaluating, and training; data repository and data processes; and workflow processes). Based in Chester, Pennsylvania, with extensive operations in Europe and Asia, Synygy has achieved 19 continuous years of success.

  • FB Icon Twitter Icon In-Icon
Contact Information