BrentSheets   6535 pts.  |   May 21 2009  12:25PM GMT

Moderator Note: Hello Skydivejersey and welcome to IT Knowledge Exchange. Some of your fellow ITKE members and TechTarget editors are blogging on audit and compliance topics. You might wish to visit the blogs for more information. Below are some blogs that may be of interest to you.

Sister CISA CISSP

Regulatory Compliance, Governance and Security

IT Governance, Risk, and Compliance

IT Compliance Advisor

Regulatory Reality

KevinBeaver   7610 pts.  |   May 22 2009  5:47PM GMT

If this information was available to the public the name brand auditing firms might not be doing (or re-doing) so many of these. Here’s some good insight on SAS70 audits.

You can look at the ISO/IEC 27002 criteria and then take things up a 20 or 30 thousand feet and you’ll be at about the right level of a SAS70 audit.

Just know that you can never, ever, ever (get my point?) trust that just because you “pass” a SAS70 audit that your business is secure from the risks that matter.