Figure 1—SERVQUAL RATER Model

Dimension      | Description
Reliability    | Ability to perform service dependably and accurately
Assurance      | Ability of staff to inspire confidence and trust
Tangible       | Physical facilities, equipment, staff appearance, etc.
Empathy        | Extent to which caring, individualized service is given
Responsiveness | Willingness to help and respond to customer need

SERVQUAL: Reliability Dimension
Many businesses unwittingly use the terms “SAS 70 certified”
or “SAS 70 compliant”; both terms are misnomers that,
arguably, imply guarantees or the meeting of statutory
or regulatory requirements. Specifically addressing this
misnomer is central to the reliability dimension (service
dependability and accuracy) of SERVQUAL. This begins with
an understanding that a SAS 70 audit is only a guarantee
that a third-party independent auditor was used to examine
a company’s IT security controls and related processes with
documented findings in a SAS 70 report. The SAS 70 audit
report includes the auditor’s opinion or attestation statement
issued to the service organization at the conclusion of a SAS
70 audit. This report is effectively an auditor-to-auditor
communiqué between the service and user organization (the
entity that has engaged a service organization—particularly
if its financial statements are impacted by the services of the
service organization).
The reliability of the SAS 70 report may lie in its not being
complicit in misuse by vendors that cite the report to support
exaggerated marketing claims. Requests from service vendors to
prepare SAS 70 reports for purposes that are outside the intended
scope of the reports should be refused or avoided. SAS 70 reports
were not intended to supplant good old-fashioned IT security due
diligence on the part of service vendors, nor should they; they
note only present-day observations and make no forward-looking
representations.
SERVQUAL: Assurance Dimension
An old adage holds that people are judged by the company
they keep. If one subscribes to this truism, audit firms are
well served to surround themselves with people who share
their ideals and values. Inspiring confidence and trust as
it relates to the assurance dimension is about creating an
organization of character that delivers on its commitments—
an organization that is attuned to answering the needs of
others and that is willing to go the extra mile to support its
customers. Another way to engender confidence and trust
is to utilize an organization that is known for exceptional
products and services and that is respected or admired
in the marketplace.
Beyond platitudes (i.e., “customers come first”) of the
normal business rhetoric, earning trust is a journey achieved
over time; customer trust is the most direct route to long-term
success, as demonstrated time and time again by successful
businesses. Inspiring trust is accomplished in small increments
one customer at a time, improving a single process as needed.
Bill Price and David Jaffe suggest checklists of things to do and
not do when operating an interaction center and provide the
right choices for customers at every point in the service process: 6
• On the web site, phone numbers should appear on every
page. “Talk to someone” or “chat” buttons should be
utilized, and a “contact us” button should be available to
make it easy to send e-mails and should state how quickly
customers should expect a response.
• For interactive voice response phone menus or trees, web
site alternatives should be clearly mentioned; the option
to leave a callback number should be provided; and at any
point, the caller should be able to hit 0 to reach an operator.
• E-mails to customers should always provide an
accompanying phone number, along with links to pages on
the web site that can actually help explain the issue(s).
• There should be branch operations that have phones for
calling the contact center directly, self-service desks for
information, and web-enabled personal computers (PCs)
for direct self-service online. Make it easy to contact the
enterprise, not difficult.