type i

PCI DSS | SAS 70 | Finding Resources to Learn about Compliance

PCI DSS and SAS 70 Type I and Type II audits are a mainstay in today’s regulatory arena. As such, i’m often asked what are some of the best resources available to learn about the Payment Card Industry Data Security Standards (PCI DSS) initiative and the SAS 70 audit requirements.

PCI DSS
pcisecuritystandards is the official site for PCI DSS compliance. It was put forth by the Payment Card Industry Security Standards Council, commonly known as the PCI SSC. The major payment brands have effectively endorsed the PCI DSS standards, thus you can learn all you need to know about PCI DSS by visiting their site. The left column gives you quick links to all the important PCI DSS information. Their are also some very helpful forums such as pcianswers and pcidssguru. These sites are managed by industry veterans in the Payments Industry and they give you unbiased and straight answers to any questions you may have.

SAS 70
The official AICPA website offers little in the way of education on SAS 70 audits. They do sell a book on SAS 70, but it is primarily geared towards auditors and is written in a technical manner. The other solution is to visit the Official SAS 70 Resource Guide, where you can watch training videos and learn all aspects of SAS 70 Type I and Type II audits.

SAS 70 Audits for Data Centers | Why the Trend will Continue

SAS 70 audits have quickly become a high priority for data centers, co-location entities and managed service providers as of late. And there are plenty of reasons why this trend will continue go grow. The number of organizations that have buried the client server architecture is growing every day, resulting in a huge surge for data centers. In fact, most quality data centers in the United States are having little or no challenges in filling up their data center floor space. From traditional ping, power and pipe to fully managed services, data centers are becoming a necessity for most businesses today. As a result of this, their respective compliance requirements will continue to expand also. From SAS 70 to PCI DSS, just to name a few, data centers are being hit hard with the regulatory compliance bug.

Add to the fact that many data centers are now physically housing sensitive health care and financial information for many of their clients. As such, client requests for the security, confidentiality and integrity of this data are being validated via SAS 70 Type II audits. This “trend” if you want to call it that, will become a mandatory requirement for any data center seeking to grow and prosper in the coming years.

Visit the official SAS 70 Resource Guide to learn more about SAS 70 Type I and Type II audits.

SAS 70 Training Videos | The Best Way to Learn about Type I and Type II Audits

SAS 70 training videos are simply the best way to truly gain an understanding of the inner workings on Statement on Auditing Standards No. 70. As an auditor, i’ve been asked many times on this post and others if content can be developed to gain a better understanding of how the Type I and Type II audit process begins and ends. Well, watch the ten (10) SAS 70 training videos and you’ll quickly get up to speed on all you need to know about Type I and Type II audits. Listed below are the topics of each of the ten (10) videos.

1. Introduction to the SAS 70 Auditing Standard

2. SAS 70 Type I Audits

3. SAS 70 Type II Audits

4. SAS 70 & Audit Scope

5. SAS 70 Audit Cost & Pricing Factors

6. SAS 70 Readiness Assessment and Questionnaires

7. SAS 70 Audit Planning and Audit Fieldwork Activities

8. SAS 70 Roadmap to Compliance

9. Frequently Asked Questions

10. Concluding Thoughts on SAS 70 Audits

Visit the official SAS 70 Resource Guide to learn more about SAS 70 Type I and Type II audits and to also view the SAS 70 Training Videos.

SAS 70 Audits and PCI DSS Assessments | What you NEED to Know

SAS 70 audits and PCI DSS Assessments are on everybody’s radar screen today, or though it seems. Particularly, SAS 70 Type II Audits and Payment Card Industry Data Security Standards (PCI DSS) Level I assessments.

And why? Because many service organizations, merchants, and service providers are being asked to become compliant with either a SAS 70 audit, a PCI DSS Assessment or both, for purposes of today’s regulatory compliance initiatives. Take note, Nevada just passed provisions of PCI into law, joining Minnesota as another state that is taking security and privacy to a new level.

I’ve put together a comprehensive white paper on SAS 70 Type II audits and PCI DSS Level 1 assessments that is definitely good reading material if your organization has to become compliant with either of these.

Visit the official SAS 70 Resource Guide to learn more about Type I and Type II audits
Visit the official PCI DSS Resource Guide to learn more about PCI DSS Assessments.

SAS 70 Compliance | Why a Readiness Assessment is Essential for the Audit

Many service organizations having to undergo SAS 70 Type I or SAS 70 Type II compliance would greatly benefit from a SAS 70 Readiness Assessment. So, let’s clear the air as to what this actually is.

A SAS 70 Readiness Assessment should be a proactive exercise which actually benefits the overall SAS 70 audit process. A Readiness Assessment should, thus, include the following:

1. A series of in-depth and comprehensive questionnaires that help examine the control environment of a service organization, while assisting in identifying any weaknesses or deficiencies within the overall control framework.
2. A gap analysis or “findings” of deficiencies and what corrective action is needed to strengthen the control environment of the service organization.

A quality CPA firm should be able to provide you with a series of highly-customized SAS 70 Readiness Assessment Questionnaires along with giving the service organization expert guidance and assistance in answering the questionnaires.

If you want to learn more about what a Readiness Assessment actually entails, then visit the Official SAS 70 Resource Guide.

SAS 70 Audit | Why a Readiness Assessment is Crucial

If your organization is seeking to become SAS 70 Type I or Type II compliant in the near future, then it is a wise decision to embark on a SAS 70 Readiness Assessment. These assessments essentially help you identify your control environment, the scope of the audit, and what deficiencies or gaps may be present within your overall internal control framework within your organization. It should not be looked upon as an additional cost of a SAS 70 audit, but that of a useful and proactive exercise in preparing your organization for the rigors of going through an actual SAS 70 audit.

Working right towards SAS 70 Type I or Type II compliance without conducting a SAS 70 Readiness Assessment can be a daunting and challenging task. Many problems can arise out of this, such as not properly scoping the audit, not adequately identifying weaknesses within your control structure, along with other critical and material issues. The result can be cost and time overruns to correct these issues that should of been addressed prior to the actual audit.

To learn more about SAS 70, visit the official SAS 70 Resource Guide.