Regulatory Compliance, Governance and Security:

PCI


September 26, 2009  10:07 PM

HIPAA Privacy Rule | Attention Data Centers | Are you HIPAA Compliant?



Posted by: Charles Denyer
HIPAA Privacy rule, PCI, PHI, protected Health Information, SAS 70

First it was SAS 70, then PCI, now HIPAA is fast becoming a requirement for data centers. Here's what you need to know about the HIPAA Privacy Rule. An electronic medical record (EMR) is usually a computerized legal...

August 23, 2009  8:47 PM

Will HIPAA compliance ever have any Teeth like SAS 70 and PCI DSS?



Posted by: Charles Denyer
162, 45 CFR Parts 160, and 164, charles denyer, health insurance portability and accountability act, Health Insurance Reform: Security Standards, HIPAA, payment card industry data security standards, PCI, PCI DSS, SAS 70, The Department of Health and Human Services, type II

HIPAA, The Health Insurance Portability and Accountability Act, has been with us for years now. Upon reading through the vast and cumbersome documentation, one quickly realizes that HIPAA has many moving parts, enough to make you...


July 24, 2009  8:00 PM

PCI DSS Compliance | Why You Need a QSA for Level 1 Compliance



Posted by: Charles Denyer
charles denyer, dss, level 1, merchant, payment card industry data security standards (PCI DSS), payment card industry security standards council, PCI, pci ssc, qsa, qualified security assessor (QSA), service provider

PCI DSS Compliance for Level 1 Merchants and Service Providers is mandatory. In short, if you are a Merchant or Service Provider and have been...


April 27, 2009  2:06 AM

Sarbanes Oxley (SOX) and SAS 70 | What Does the Future Hold?



Posted by: Charles Denyer
charles denyer, Compliance, corporate governance, PCI, Sarbanes-Oxley, SAS 70, SOX

Sarbanes Oxley and SAS 70 audits have had a monumental impact on corporate governance and compliance. So much so, they almost invented a huge part of the pie. As a SAS 70 auditor, i'm often asked what does the...


January 16, 2009  3:46 PM

SAS 70 Audits & Data Centers | Tips on Preparing for the Audit



Posted by: Charles Denyer
change management sas 70, co-locations, environmental security, incident management, incident management sas 70, managed services sas 70, payment card industry, PCI, PCI DSS, physical security, SAS 70, sas 70 data centers, sas70

Today's data centers and managed services providers are complex businesses, providing customers with a wide array of services. As such, SAS 70 audits have become the standard compliance audit for assessing internal controls for data centers and managed...


December 31, 2008  11:19 PM

SAS 70 and Regulatory Audits | What is the Impact to our Economy?



Posted by: Charles Denyer
glbay, HIPAA, impacts of audits to economy, payment card industry, PCI, Sarbanes-Oxley, SAS 70, sas70, section 404, SOX

The impacts, in my opinion, are the following. Interestingly, the last decade has seen somewhat of a shift in auditing. That's not to say there has been a decrease in this specialized service, quite to the contrary. The shift has occurred as financial statement auditing has begun to see somewhat...


December 30, 2008  3:21 PM

SAS 70 | PCI DSS | 2009 Regulatory Compliance Checklist



Posted by: Charles Denyer
audits, payment card industry, payment card industry data security standards, PCI, pci assessment, pci compliance, PCI DSS, pci dss qsa, regulatory compliance, SAS 70, sas 70 audit report, SAS 70 checklist, sas 70 control objectives, SAS 70 readiness questionnaire, sas 70 sample report, SAS 70 Type I, sas 70 type ii, sas70, sas70 sample reports, Security, SOX, What is SAS 70?

When ushering in the new year festivities, keep in mind that a number of regulatory compliance issues will be facing your organization also as 2009 looms just around the corner. No, they're not stocking stuffers, rather, they can be considered expensive, time-consuming, and arduous, to say the...


December 30, 2008  2:08 PM

PCI Payment Card Industry Compliance | PCI DSS | Important Tips



Posted by: Charles Denyer
payment card industry, payment card industry data security standards, PCI, pci assessment, pci compliance, PCI DSS, pci dss qsa, pci dss requirement 1.1.1, pci dss requirement 1.1.2

Is your organization seeking to become Payment Card Industry (PCI) Data Security Standards (DSS) compliant for 2009? Are you a merchant or service provider that is directly involved in the processing, storage, or transmission of transaction data or cardholder data? If you answered yes to these...


November 23, 2008  7:24 PM

Payment Card Industry (PCI DSS) Compliance | Requirement 1.1.2



Posted by: Charles Denyer
payment card industry, payment card industry data security standards, PCI, pci assessment, pci compliance, PCI DSS, pci dss qsa, pci dss requirement 1.1.2, policies and procedures, qsa, regulatory compliance, SAS 70, sas 70 audit report

Payment Card Industry (PCI) Data Security Standards (DSS) compliance for PCI DSS requirement 1.1.2 calls for "Current network diagram with all connections to cardholder data, including any wireless networks" Thus, testing for validating...


November 23, 2008  7:14 PM

Payment Card Industry (PCI DSS) Compliance | Requirement 1.1.1



Posted by: Charles Denyer
payment card industry, payment card industry data security standards, PCI, pci assessment, pci compliance, PCI DSS, pci dss qsa, pci dss requirement 1.1.1, policies and procedures, qsa

PCI DSS Requirement 1.1.1 calls for "A formal process for approving and testing all network connections and changes to the firewall and router configurations". Thus, the test to validate this, in accordance with PCI DSS 1.2 standards is to...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: