August 26, 2008 7:43 PM
Posted by: Charles Denyer
GLBA privacy rule,
GLBA safeguards rule,
SAS 70,
SAS 70 download,
sas70
The Gramm-Leach-Bliley Act, commonly known as GLBA, has certain provisions that require organizations, such as financial institutions (banks, online trading entities), to protect confidential consumer information. Unfortunately,...
August 26, 2008 12:36 PM
Posted by: Charles Denyer
regulatory compliance,
Sarbanes-Oxley,
SAS 70,
sas70,
sas70 sample reports,
section 404 sox
The relationship between Sarbanes-Oxley and SAS 70 begins with Section 404 of the 2002 Sarbanes-Oxley Act (SOX). Because management must report annually on the effectiveness of its internal controls, it then has a fiduciary responsibility and a requirement to inspect on controls considered critical...
August 26, 2008 12:25 PM
Posted by: Charles Denyer
PCI,
pci compliance,
PCI DSS,
SAS 70,
sas70,
sas70 sample reports
If your organization is required to be SAS 70 compliant along with obtaining a PCI DSS assessment, then it's time to think about creating efficiencies of scale when conducting both the audit for SAS 70 and the assessment for PCI compliance.
By no means are there perfect synergies; rather, both...
August 26, 2008 11:23 AM
Posted by: Charles Denyer
regulatory compliance,
Sarbanes-Oxley,
SAS 70,
SAS 70 download,
SAS 70 readiness questionnaire,
sas70,
sas70 sample reports
SAS 70 audits are being performed on many service organizations in today's growing regulatory compliance economy. From federal legislation, such as Sarbanes-Oxley to HIPAA, the SAS 70 auditing standard has been pushed to the...
August 26, 2008 11:10 AM
Posted by: Charles Denyer
HIPAA,
SAS 70,
SAS 70 download,
sas70,
Third Party Administrator,
TPA
As a SAS 70 auditor for many years, I've seen a huge increase in the number of third party administrators (TPA) that are required to go through a SAS 70 Type I or SAS 70 Type II audit. Many of these TPA organizations are considered small, with limited budgets, thus they voice a great deal of...
August 18, 2008 3:30 PM
Posted by: Charles Denyer
Compliance,
pci compliance,
pci dss qsa,
SAS 70,
sas70,
What is SAS 70?
Many organizations are now being required to be SAS70 and PCI DSS compliant. With that said, I am often asked where the synergies or overlaps are for a SAS70 audit, which can only be done by a CPA firm, and a PCI DSS assessment, which can only be done by a qualified PCI QSA individual.
My answer...
August 3, 2008 2:49 PM
Posted by: Charles Denyer
Auditing,
audits,
Compliance,
GLBA,
HIPAA,
payment card industry,
PCI,
qsa,
regulatory compliance,
Sarbanes-Oxley,
SAS 70,
sas70,
sas70 sample reports,
Security
SAS70 audits have grown tremendously in the past five years, due in large part to the explosive growth of federal regulatory compliance laws and legislation. Interestingly, Payment Card Industry (PCI) compliance has also received much...
July 25, 2008 3:00 PM
Posted by: Charles Denyer
Auditing,
Compliance,
Sarbanes-Oxley,
SAS 70,
SAS 70 download,
What is SAS 70?
Data centers are increasingly being called upon to be SAS70 Type I or Type II compliant. It stems primarily from the rapid growth of compliance legislation, along with the advent of many industries, particularly Software as a Service (SaaS), that require services from data centers and co-location...
July 23, 2008 2:53 PM
Posted by: Charles Denyer
Compliance,
SAS 70,
SAS 70 download,
SOX,
What is SAS 70?
If you want to learn about SAS70 Type I & Type II audits, then it's a good idea to gain a thorough understanding of the terminology used for the SAS70 auditing standard. There's much technical jargon and...