SAS 70 audits and PCI DSS assessments are truly starting to dominate the regulatory compliance landscape. For a large number of our firm’s clients, we actively assess them for yearly SAS 70 and PCI DSS compliance. The chatter of late is surrounding what efficiencies of scale, if any, can be had by conducting both a SAS 70 audit and a PCI DSS assessment for an organization that needs both.
I urge you to read a very compelling article I wrote regarding both of these major compliance initiatives.
Titled “SAS 70 Audits and PCI DSS | a Technical White Paper” it discusses these very issues and brings to light some extremely important points for both SAS 70 and PCI DSS compliance.
In summary, tread cautiously when thinking that doing both is simply a “two for one”, meaning you can conduct both a SAS 70 audit and a PCI DSS assessment at the same time.