CIO Inteview: Wild Oats' Jon Payne on Compliance, Outsourcing and the Value of SAS-70 AuditsBy Debra D'Agostino | Posted 2006-05-25 Email Print
Jon Payne, vice president of technology for organic foods retailer Wild Oats, says SAS-70 audits for outsourcers takes some of the sting out of meeting federal regulations.
When Jon Payne arrived at Wild Oats, in 2004, it was clear the organic food retailer, with $1.1 billion in 2005 revenues, needed a serious technology upgrade. "We are on a very fast growth curve113 stores now and 10 opening each yearbut we hadn't invested properly in IT," he says. Most in need of attention was the firm's data center, which "wasn't where a billion-dollar company should be." But the cost of managing a complex in-house upgrade was unrealistic, especially since the company had plans to move its headquarters from its space in Boulder, Colo., to a larger facility two miles away.
Outsourcing was the clear option, Payne says. What he didn't realize, however, was the importance of the SAS 70 audit, an international auditing standard created by the American Institute of Certified Public Accountants. The SEC accepts the SAS 70 as a means of certifying third-party vendors for regulations like the Sarbanes-Oxley Act. Senior Reporter Debra D'Agostino recently chatted with Payne about auditing third-party vendors. What follows is an edited transcript of his remarks.
CIO Insight: Why did you decide to outsource your data center?
Payne: I was in the hosting business previously, and in this day and age I feel there's no reason to build your own data center. I looked at the cost of doing it ourselves versus outsourcing, and it was a no-brainer.
But finding a vendor wasn't as easy. First we addressed a number of screening issues. For one, the vendor had to fit our size and level of sophistication. We were still in the midst of building our processes and systems, so we didn't want to be the largest client with a small provider, but we also didn't want to be the smallest customer of a large one. VeriCenter ended up being the right fit for us. Plus, they had already done the SAS 70 audit before we considered them. That was significant because at that time we were going through the initial round of SOX compliance. The SAS 70 audit meant we didn't have to spend a lot of time on the compliance issues surrounding the data center.
Read the full story on eWEEK.com: CIO Inteview: Wild Oats' Jon Payne on Compliance, Outsourcing and the Value of SAS-70 Audits