"We are dedicated to supporting our customers' compliance requirements," says E. Allen West, Railinc president and CEO. "The SAS 70 audit validates that Railinc meets the highest standards for securing and protecting data exchanges with Railinc customers. It gives them assurance that their data is being processed accurately and completely."
Under Section 404 of the Sarbanes-Oxley Act, companies are required to receive an opinion from their external auditors regarding their systems of control, including those extending to service providers such as Railinc. The SAS 70 Type II examination allows users to rely on Railinc's controls, reducing auditing expenses for its customers, as well as assuring compliance.
The process examined the integrity and security of Railinc's systems, including an exhaustive assessment of internal controls in operations over a six-month period. Railinc's systems, procedures and controls--critical to processing information and millions of confidential financial transactions--were thoroughly evaluated. Specifically, the following four systems were examined: the Railroad Clearinghouse (RCH); the Interline Settlement System (ISS); the Rate EDI Network (REN); and the Liability Continuity System (LCS). Additionally, physical and logical security measures; network access and monitoring; systems development; change management; and customer service were also evaluated.
Since 2004, Railinc has completed an annual SAS 70 Type II examination. Reports are available on December 1st of each year.
