September 8, 2008 4:04 PM
Posted by: Charles Denyer
audits,
Compliance,
regulatory compliance,
Sarbanes-Oxley,
sas70,
sas70 sample reports,
Security
If your company needs to be SAS70 compliant, then a good start is to learn what a SAS70 audit is and what the difference is between a SAS70 Type I and a SAS70 Type II audit report.
In short, a SAS70 Type I is simply...
August 27, 2008 12:05 PM
Posted by: Charles Denyer
SAS 70,
SAS 70 checklist,
SAS 70 readiness questionnaire,
sas70,
sas70 sample reports
The tremendous growth of SAS 70 audits has been felt in many industries, requiring service providers (commonly known as service organizations in the SAS 70 world) to undergo an annual SAS 70 Type II audit. If your organization is new to the SAS 70 audit process, here are some helpful tips for...
August 26, 2008 8:05 PM
Posted by: Charles Denyer
Compliance,
regulatory compliance,
SaaS,
SAS 70,
sas70,
sas70 sample reports,
Software as a Service
The Software as a Service (SaaS) industry and SAS 70 audits actually have quite a bit in common. First and foremost, both the SAS 70 auditing standard and the SaaS industry have seen explosive growth in the past five years, thanks in large part to regulatory compliance and the advent of technology....
August 26, 2008 7:43 PM
Posted by: Charles Denyer
GLBA privacy rule,
GLBA safeguards rule,
SAS 70,
SAS 70 download,
sas70
The Gramm-Leach-Bliley Act, commonly known as GLBA, has certain provisions that require organizations, such as financial institutions (banks, online trading entities), to protect confidential consumer information. Unfortunately,...
August 26, 2008 12:36 PM
Posted by: Charles Denyer
regulatory compliance,
Sarbanes-Oxley,
SAS 70,
sas70,
sas70 sample reports,
section 404 sox
The relationship between Sarbanes-Oxley and SAS 70 begins with Section 404 of the 2002 Sarbanes-Oxley Act (SOX). Because management must report annually on the effectiveness of its internal controls, it then has a fiduciary responsibility and a requirement to inspect on controls considered critical...
August 26, 2008 12:25 PM
Posted by: Charles Denyer
PCI,
pci compliance,
PCI DSS,
SAS 70,
sas70,
sas70 sample reports
If your organization is required to be SAS 70 compliant along with obtaining a PCI DSS assessment, then it's time to think about creating efficiencies of scale when conducting both the audit for SAS 70 and the assessment for PCI compliance.
By no means are there perfect synergies; rather, both...
August 26, 2008 11:23 AM
Posted by: Charles Denyer
regulatory compliance,
Sarbanes-Oxley,
SAS 70,
SAS 70 download,
SAS 70 readiness questionnaire,
sas70,
sas70 sample reports
SAS 70 audits are being performed on many service organizations in today's growing regulatory compliance economy. From federal legislation such as Sarbanes-Oxley to HIPAA, the SAS 70 auditing standard has been pushed to the...
August 26, 2008 11:10 AM
Posted by: Charles Denyer
HIPAA,
SAS 70,
SAS 70 download,
sas70,
Third Party Administrator,
TPA
As a SAS 70 auditor for many years, I've seen a huge increase in the number of third party administrators (TPA) that are required to go through a SAS 70 Type I or SAS 70 Type II audit. Many of these TPA organizations are considered small, with limited budgets, thus they voice a great deal of...
August 18, 2008 3:30 PM
Posted by: Charles Denyer
Compliance,
pci compliance,
pci dss qsa,
SAS 70,
sas70,
What is SAS 70?
Many organizations are now being required to be SAS70 and PCI DSS compliant. With that said, I am often asked where the synergies or overlaps are for a SAS70 audit, which can only be done by a CPA firm, and a PCI DSS assessment, which can only be done by a qualified PCI QSA individual.
My answer...