Regulatory Compliance, Governance and Security:

charles denyer


June 26, 2009  3:08 PM

PCI DSS Requirements and PCI DSS Merchant Levels | VISA



Posted by: Charles Denyer
annual report on compliance, annual self assessment questionnaire, asv, Attestation of compliance form, charles denyer, Merchant Levels 1, 2, 3, 4, PCI DSS Requirements and PCI DSS Merchant Levels | VISA, Quarterly network scan by approved Scan Vendor, ROC, SAQ

PCI DSS Requirements for Merchants are dependent on the "Level" your organization falls into. Currently, there are four (4) Merchant Levels for PCI DSS compliance. What's important to note is that these merchant levels are...

June 20, 2009  3:31 AM

PCI COMPLIANCE



Posted by: Charles Denyer
charles denyer, level 1, merchants, payment card industry data security standards (PCI DSS), payment card industry security standards council, pci compliance, PCI DSS

Payment Card Industry Data Security Standards (PCI DSS) compliance means many different things to many people. And after all, it should, based on the complexities of truly understanding what the phrase "PCI Compliance" or being "PCI compliant" really means. For an ounce of clarity, remember...


June 20, 2009  3:20 AM

SAS 70



Posted by: Charles Denyer
charles denyer, control environment, general controls report, sarbanes oxley act of 2002, SAS 70 Type I, sas70, Statement on Auditing Standards No. 70, type II

Statement on Auditing Standards No. 70, simply known as SAS 70 to many, has had a profound impact on regulatory compliance since the passage of the Sarbanes Oxley Act in 2002. As a SAS 70 auditor for many years, I've been asked a broad and wide range of...


June 19, 2009  10:00 PM

PCI DSS Level 1 Compliance for Merchants and Service Providers | Helpful Tips



Posted by: Charles Denyer
12 requirements, charles denyer, merchants, PCI DSS, PCI DSS Level 1 compliance for merchants and service providers, pci qsa, service providers

PCI DSS Level 1 Compliance for Merchants and Service Providers can be a daunting task, but there are a number of proactive steps to take to help mitigate and hopefully eliminate cost and time overruns. There's quite a bit you can do to help prepare your organization for PCI DSS Level 1...


June 16, 2009  11:40 AM

PCI DSS Requirements for Service Providers | Expert Advice from a QSA



Posted by: Charles Denyer
amex, charles denyer, data centers, Discover Card, ISO, jcb, managed service providers, mastercard, payment card industry data security standards (PCI DSS), payment gateways, PCI DSS, pci dss compliance, pci qsa, qualified security assessor, service providers payment card compliance, transaction processors, visa, web hosting providers

PCI DSS compliance is becoming a requirement for many service providers involved in the processing, storage, transmission, and switching of transaction data and cardholder data. In short, a service provider, for purposes of Payment Card Industry Data...


June 16, 2009  2:35 AM

SAS 70 Audits and PCI DSS | Yes, There is a Big Difference



Posted by: Charles Denyer
assessments, audits, charles denyer, cpa firm, payment card industry data security standards, PCI DSS, PCI DSS Level 1 compliance, report on compliance, ROC, sas 70 type ii audit

SAS 70 audits, especially Type II reports, and PCI DSS Level 1 Report on Compliance (ROC) assessments are dominating today's regulatory compliance arena. Painfully, as a SAS 70 auditor and a PCI DSS assessor, I keep hearing people talk about these two compliance initiatives as if they are one in...


June 3, 2009  6:34 PM

SAS 70 | Surprise Examination | Internal Control Report for Investment Advisers



Posted by: Charles Denyer
charles denyer, client funds, File No. S7-09-09, internal control report, qualified custodian, sample sas 70 type II report, SAS 70, securities, surprise examination, The investment Advisers Act of 1940

The SAS 70 auditing standard is sure to become a necessary element of the proposed changes for the Investment Advisers Act of 1940. The SEC released a draft of proposed changes regarding “Custody of Funds or Securities of Clients by Investment Advisers” (


May 31, 2009  3:33 PM

Policies and Procedures | SAS 70 | PCI DSS | An Auditor’s Viewpoint



Posted by: Charles Denyer
change management, charles denyer, Maintain an Information Security Policy, PCI DSS, policies and procedures, requirement 12, SAS 70 Type I, sas 70 type ii

Policies and Procedures: it's such a common theme and phrase in today's regulatory compliance and governance arena, so much so, I think it should have its own Wikipedia page. It can be an arduous undertaking in developing these documents. Furthermore, policies and procedures are becoming...


May 30, 2009  8:26 PM

SAS 70 Control Objectives for Investment Advisers | Custodial Operations



Posted by: Charles Denyer
cash and security positions, charles denyer, client funds or securities along with performing custodial duties and operations, control objectives, custodial operations, Custody of Funds or Securities of Clients by Investment Advisers, File No. S7-09-09, investment advisers, investment advisors, market values of securities, net settlement procedures, sample sas 70 type II report, SAS 70, sas70.us.com, securities income

The SEC released a draft of proposed changes regarding “Custody of Funds or Securities of Clients by Investment Advisers” (File No. S7-09-09), calling for more oversight and controls over...


May 30, 2009  7:59 PM

SAS 70 & Investment Advisers Act of 1940 | Proposed Changes



Posted by: Charles Denyer
charles denyer, Custody of Funds or Securities of Clients by Investment Advisers, File No. S7-09-09, independent public accountant, internal control report, investment advisors, qualified custodian, SAS 70 & Investment Advisers Act of 1940, SEC, surprise examination, The Securities and Exchange Commission

The SAS 70 auditing standard looks to become a vital component of the proposed changes for the Investment Advisers Act of 1940. In short, the recent scandals and Ponzi schemes that resulted in the loss of billions of dollars for investors is receiving a wakeup call from the Securities and Exchange...

