CIO Inteview: Wild Oats' Jon Payne on Compliance, Outsourcing and the Value of SAS-70 Audits

By Debra D'Agostino  |  Posted 2006-05-25 Print this article Print

Jon Payne, vice president of technology for organic foods retailer Wild Oats, says SAS-70 audits for outsourcers takes some of the sting out of meeting federal regulations.

When Jon Payne arrived at Wild Oats, in 2004, it was clear the organic food retailer, with $1.1 billion in 2005 revenues, needed a serious technology upgrade. "We are on a very fast growth curve—113 stores now and 10 opening each year—but we hadn't invested properly in IT," he says. Most in need of attention was the firm's data center, which "wasn't where a billion-dollar company should be." But the cost of managing a complex in-house upgrade was unrealistic, especially since the company had plans to move its headquarters from its space in Boulder, Colo., to a larger facility two miles away.

Outsourcing was the clear option, Payne says. What he didn't realize, however, was the importance of the SAS 70 audit, an international auditing standard created by the American Institute of Certified Public Accountants. The SEC accepts the SAS 70 as a means of certifying third-party vendors for regulations like the Sarbanes-Oxley Act. Senior Reporter Debra D'Agostino recently chatted with Payne about auditing third-party vendors. What follows is an edited transcript of his remarks.

CIO Insight: Why did you decide to outsource your data center?
I was in the hosting business previously, and in this day and age I feel there's no reason to build your own data center. I looked at the cost of doing it ourselves versus outsourcing, and it was a no-brainer.

But finding a vendor wasn't as easy. First we addressed a number of screening issues. For one, the vendor had to fit our size and level of sophistication. We were still in the midst of building our processes and systems, so we didn't want to be the largest client with a small provider, but we also didn't want to be the smallest customer of a large one. VeriCenter ended up being the right fit for us. Plus, they had already done the SAS 70 audit before we considered them. That was significant because at that time we were going through the initial round of SOX compliance. The SAS 70 audit meant we didn't have to spend a lot of time on the compliance issues surrounding the data center.

Read the full story on eWEEK.com: CIO Inteview: Wild Oats' Jon Payne on Compliance, Outsourcing and the Value of SAS-70 Audits

Debra D'Agostino was part of the original team that launched CIO Insight in May 2001, and has held several positions during her tenure, serving first as copy chief, then senior reporter, and currently as online editor, overseeing content and strategy for CIOInsight.com. Prior to joining Ziff Davis Media, her work focused largely on travel and leisure, and her articles have appeared in Consumer Reports' Travel Letter, The Elite Traveler, Agenda New York, Travel Agent, Westchester, Wine Enthusiast and USA Today, among others. At CIO Insight, she has twice been a finalist for American Business Media's Jesse H. Neal Award, and has received three national gold awards from the American Society of Business Publication Editors. She holds a bachelor of science in journalism from the Newhouse School at Syracuse University.

Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.