We are a small software provider and a prospect is asking us to provide a SAS 70 report or equivalent information about our information security.
asked , updated
answered , updated
SAS 70 refers to an auditing standard developed by AICPA for reviewing a service organization's control activities and processes (with particular focus on customer data protection). Most likely, your prospect is referring to a SAS 70 audit report, which would provide the independent opinion of your auditor's on your control processes.