SSAE 16 | Description of the “System” | What you Need to Know
Posted by: Charles Denyer
Enter SSAE 16 and its new requirement for service organizations to provide a description of their "system". As for out with the old...
SSAE 16, put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), requires that the service organization provide a
SSAE 16, put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), will force a large number of service organizations to fundamentally re-address many of the compliance issues that they...
ISAE 3402, put forth by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC), will play a large and ever-expanding role for reporting on controls at service organizations. ...
ISAE 3402: The International Standard on Assurance Engagements, “Assurance Reports on Controls at a Service Organization”, is the new global standard for assurance reporting on service organizations. What's interesting to note about...
PCI DSS Compliance will continue to be one of the most talked about regulatory compliance initiatives for 2010, without question. First and foremost, data breaches are still occurring, companies are still losing sensitive cardholder data, and lastly, PCI compliance is finally (yes finally) being...
Properly scoping a SAS 70 Type I or SAS 70 Type II audit is an extremely important component of the audit process itself. Why? Because as a service organization undergoing a SAS 70 audit, your goal is to have a report produced and issued to you...
Well, I'm sure by now millions of people have read the article in Newsweek about how Sarbanes-Oxley (SOX) could be brought down to its knees and killed. Compliance auditors are getting cold...
The term PCI DSS auditors is technically incorrect, as one really should be looking for a Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessor (QSA). So what really is a QSA? A QSA is an individual who has...
Looking for a PCI compliance Roadmap? As a Payment Card Industry Data Security Standards Qualified Security Assessor (PCI QSA), I'm often asked about the who, what, where, and why of PCI compliance. Most organizations (merchants and service providers) are...
