Regulatory Compliance, Governance and Security:

charles denyer


November 17, 2010  5:22 PM

SSAE 16 | Description of the “System” | What you Need to Know



Posted by: Charles Denyer
charles denyer, description of controls, description of system, ndb, SAS 70, SSAE 16

Enter SSAE 16 and its new requirement for service organizations to provide a description of its "system". As for out with the old...

November 16, 2010  8:43 PM

SSAE 16 Management Assertion | What you Need to Know



Posted by: Charles Denyer
change management sas 70, charles denyer, SSAE 16, type 1 report, type 2 report, written assertion by management, written statement

SSAE 16, put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), requires that the service organization provide a


July 21, 2010  11:53 AM

SSAE 16 | Preparing your Organization for the New Changes



Posted by: Charles Denyer
charles denyer, ISAE 3402, SAS 70, SSAE 16

SSAE 16, put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), will force a large number of service organizations to fundamentally re-address many of the compliance issues that they...


May 17, 2010  11:24 AM

ISAE 3402 | A New Standard Has Arrived for Reporting on Service Organizations



Posted by: Charles Denyer
charles denyer, ISAE 3402, SAS 70, SSAE 16, written assertion by management

ISAE 3402, put forth by the International Auditing and Assurance Standards Board (IAASB) of the International Federation of Accountants (IFAC), will play a large and ever-expanding role for reporting on controls at service organizations. ...


May 16, 2010  1:56 PM

ISAE 3402 | The New Global Standard for Assurance Reporting on Service Organizations has Arrived!



Posted by: Charles Denyer
charles denyer, ISAE 3402, service organizations, SSAE 16

ISAE 3402: The International Standard on Assurance Engagements, “Assurance Reports on Controls at a Service Organization”, is the new global standard for assurance reporting on service organizations. What's interesting to note about...


March 16, 2010  10:06 PM

PCI DSS Compliance | What’s New for 2010? | An Auditor’s Viewpoint



Posted by: Charles Denyer
charles denyer, pci dss compliance, pci qsa, qualified security assessor (QSA)

PCI DSS Compliance will continue to be one of the most talked about regulatory compliance initiatives for 2010, without question. First and foremost, data breaches are still occurring, companies are still losing sensitive cardholder data, and lastly, PCI compliance is finally (yes finally) being...


January 11, 2010  2:03 PM

SAS 70 Audit Scope for Type I and Type II Audits | Important Advice



Posted by: Charles Denyer
charles denyer, sas 70 report, SAS 70 Type I, sas 70 type ii

Properly scoping a SAS 70 Type I or SAS 70 Type II audit is an extremely important component of the audit process itself. Why? Because as a service organization undergoing a SAS 70 audit, your goal is to have a report produced and issued to you...


December 11, 2009  1:42 PM

Could Sarbanes-Oxley (SOX) be Killed? | An Auditor’s Viewpoint



Posted by: Charles Denyer
charles denyer, PCAOB, Sarbanes-Oxley, sarbox, SAS 70, SOX

Well, I'm sure by now millions of people have read the article in Newsweek about how Sarbanes-Oxley (SOX) could be brought down to its knees and killed. Compliance auditors are getting cold...


December 10, 2009  4:56 PM

PCI DSS Auditors | You Need to hire a Qualified Security Assessor (QSA)



Posted by: Charles Denyer
charles denyer, merchant, ndb advisory, Payment Card Industry Data Security Standard, pci dss auditors, pci qsa, pcissc, qualified security assessor (QSA), service provider

The term PCI DSS auditors is technically incorrect, as one really should be looking for a Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessor (QSA). So what really is a QSA? A QSA is an individual who has...


December 9, 2009  7:29 PM

PCI Compliance Roadmap | Readiness Assessment | Where to Begin



Posted by: Charles Denyer
cardholder name pci dss service code pci dss, charles denyer, merchants, pci compliance roadmap, pci readiness assessment, pciassessment.org, service providers

Looking for a PCI compliance Roadmap? As a Payment Card Industry Data Security Standards Qualified Security Assessor (PCI QSA), I'm often asked about the who, what, where, and why of PCI compliance. Most organizations (merchants and service providers) are...

