Regulatory Compliance, Governance and Security:

November, 2008


November 29, 2008  5:30 PM

SAS 70 Type II Audits | An Auditor’s Expert Opinion on Pricing

Charles Denyer

People often ask me what the price of a SAS 70 Type I or SAS 70 Type II audit is. My response? That depends, I say, on many, many factors. Here is what needs to be understood when considering pricing factors for SAS 70 Type I and Type II audits: 1. The CPA...

November 28, 2008  10:43 PM

SAS 70 Audit Reports | Start with a SAS 70 Readiness Assessment

Charles Denyer

Successful completion of SAS 70 Type I or SAS 70 Type II audit reports should start with undertaking a SAS 70 Readiness Assessment. A readiness assessment is an important part of the audit process in that it helps identify weaknesses, gaps, and deficiencies within your organization's control...


November 23, 2008  7:46 PM

SAS 70 Type II Audit Reports | Why SAS 70 is Here to Stay

Charles Denyer

We live in a world of heightened regulatory compliance and corporate governance. From the passage of the 2002 Sarbanes-Oxley Act to numerous other pieces of legislation (HIPAA, GLBA, just to name a few), "comply, comply, comply" is the new mantra being pushed throughout organizations and at all...


November 23, 2008  7:24 PM

Payment Card Industry (PCI DSS) Compliance | Requirement 1.1.2

Charles Denyer

Payment Card Industry (PCI) Data Security Standards (DSS) compliance for PCI DSS requirement 1.1.2 calls for "Current network diagram with all connections to cardholder data, including any wireless networks". Thus, testing for validating...


November 23, 2008  7:14 PM

Payment Card Industry (PCI DSS) Compliance | Requirement 1.1.1

Charles Denyer

PCI DSS Requirement 1.1.1 calls for "A formal process for approving and testing all network connections and changes to the firewall and router configurations". Thus, the test to validate this, in accordance with PCI DSS 1.2 standards, is to...


November 23, 2008  7:03 PM

Payment Card Industry (PCI DSS) Compliance | Requirement 1.1

Charles Denyer

Payment Card Industry (PCI) Data Security Standards (DSS) for Requirement 1.1 require organizations to "Establish firewall and router configuration standards". This requirement falls under the functional area of the overall Requirement...


November 13, 2008  3:28 AM

PCI DSS Readiness Assessment for Payment Card Industry Compliance

Charles Denyer

Are you a merchant or service provider that needs to be Payment Card Industry Data Security Standards (PCI DSS) compliant? Are you an entity directly involved in the processing, storage, or transmission of transaction data or cardholder data? If so, then read on because one of the most important...


November 13, 2008  2:53 AM

Minnesota (MN) Plastic Card Security Act | Payment Card Industry (PCI DSS) Compliance

Charles Denyer

The state of Minnesota recently codified part of the Payment Card Industry (PCI) Data Security Standards (PCI) framework into actual law. Thus, Minnesota has essentially become the first state...


November 13, 2008  2:40 AM

SAS 70 Audit Costs and Pricing | What You Need to Know

Charles Denyer

If your organization is planning on undertaking a SAS 70 audit, be it a Type I or a Type II, then there are some important points you need to learn about SAS 70 audit pricing. First and foremost, make sure to get a "fixed fee" for the SAS 70 engagement; a fixed fee includes all out of pocket,...


November 12, 2008  3:55 PM

Payment Card Industry Data Security Standards (PCI DSS) | Tips and Strategies

Charles Denyer

If you are a merchant or service organization and need to be payment card industry (PCI) compliant with the PCI DSS provisions, then there are a number of important points you need to know. First and foremost, you need to identify what level you are in accordance with PCI DSS requirements. You can...

