Regulatory Compliance, Governance and Security

Aug 26 2008   12:25PM GMT

PCI & SAS 70 Audits | Cost Savings Initiatives



Posted by: Charles Denyer
Tags: PCI, pci compliance, PCI DSS, SAS 70, sas70, sas70 sample reports

If your organization is required to be SAS 70 compliant along with obtaining a PCI DSS assessment, then it’s time to think about creating efficiencies of scale when conducting both the audit for SAS 70 and the assessment for PCI compliance.

By no means are there perfect synergies; rather, the SAS 70 and the PCI DSS can assist each other with regard to preparing deliverables for auditors. Here’s how it works. Auditors create “prepared by client” (PBC) lists, which are in essence a wide assortment of documents, materials, and other deliverables needed for an audit and that must be prepared by the client. My advice is: why not schedule the PCI DSS assessment before the SAS 70 audit, thus using many of the samples pulled for the PCI DSS audit for the SAS 70 audit, provided the time periods are applicable? Better yet, fieldwork for the SAS 70 and the PCI DSS assessment could be conducted in close proximity or even overlap. The point to make is this: compliance audits or assessments (as we’ve been told to call the PCI DSS during training, an “assessment”, not an audit!) generally ask for similar information in some shape or form. Working with an auditor that truly knows both the PCI DSS and the SAS 70 auditing standard will save you a lot of time, headaches and money. Though it’s not a 2 for 1, it does create a high level of efficiency which any organization requiring both a SAS 70 and PCI DSS should consider.

To learn more about SAS 70 audits or to receive a sample SAS 70 report, visit the official SAS 70 Resource Center.

To learn more about PCI DSS assessments, visit the official PCI resource center.
