Regulatory Compliance, Governance and Security

Nov 25 2009   8:20PM GMT

SAS 70 Audits and PCI DSS Assessments | Expert Advice from an Auditor



Posted by: Charles Denyer
PCI DSS, SAS 70, payment card industry data security standards (PCI DSS), charles denyer, type II, pci dss assessments

SAS 70 audits and PCI DSS assessments are truly starting to dominate the regulatory compliance landscape. We actively assess a large number of our firm’s clients for yearly SAS 70 and PCI DSS compliance. The chatter of late surrounds what efficiencies of scale, if any, can be had by conducting both a SAS 70 audit and a PCI DSS assessment for an organization that needs both.

I urge you to read a very compelling article I wrote regarding both of these major compliance initiatives. Titled “SAS 70 Audits and PCI DSS | a Technical White Paper”, it discusses these very issues and brings to light some extremely important points for both SAS 70 and PCI DSS compliance.

In summary, tread cautiously before assuming that doing both is simply a “two for one”, meaning that you can conduct a SAS 70 audit and a PCI DSS assessment as a single combined effort.

If you want to learn more about SAS 70 audits, visit the official SAS 70 Resource Guide and if you want to learn more about PCI DSS assessments, visit the official PCI DSS Resource Guide.
