According to Melendez, other vendors pushing ITIL include Microsoft Corp., Intel Corp. and Oracle Corp.

SAS 70

SAS 70 is an auditing standard that was created by the American Institute of Certified Public Accountants (AICPA) in 1992. A SAS 70 audit shows whether an independent accounting and auditing firm has examined a service provider's controls for IT and related processes.

SAS 70 isn't a predetermined set of control objectives or activities. Auditors must follow the AICPA's standards for fieldwork, quality control and reporting and issue a formal report to the service provider that includes the auditor's opinion once the audit is completed.

There are two types of reports: one describes a service provider's controls at a specific point in time, and the other describes the controls and includes detailed testing of the service provider's control activities and processes over a minimum six-month period.