About WebTrust at Ariba
WebTrust is an assurance service jointly developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
http://www.webtrust.org/
WebTrust audit compliance covers Availability, Confidentiality, Processing Integrity and Security. The Ariba Supplier Network has been in compliance with WebTrust for many years; our On-Demand Sourcing/Contract Management/SV (S4) applications, On-Demand P2P/T&E/EIPP (SSP) applications, and internal AS, ACM & Analysis (SV) hosted upstream applications (On-Demand enterprise/hosted cd-rom) are also in compliance with WebTrust.
KPMG's Independent Audit Report and Ariba's Management Assertion for our current audit period may be found at following URL: https://cert.webtrust.org/ViewSeal?id=781.
Ariba and our auditors believe WebTrust is a more appropriate assurance service than SAS70 for our line of business.
WebTrust, SysTrust, and SAS70 are closely related standards; you can read more about them at the SAS70 FAQ website at:
http://www.sas70.com/faq/
And at the AICPA website at:
AICPA
The most salient difference between WebTrust (and SysTrust) and SAS70 is WebTrust is a predefined industry standard set of principles and criteria and the organization is audited against that standard, and in SAS70 each organzation defines its own set of criteria and is then audited against the criteria it defined.
Also check:
- http://www.aicpa.org/download/trust_services/final-Trust-Services.pdf
- Webtrust Comparation
- http://infotech.aicpa.org/NR/rdonlyres/ED363958-19AB-4249-BD15-3DEF6667D0F0/6573/sas_70_SysTrust_Webtrust_comBrochure.pdf
