SAS 70


December 3, 2008  4:52 PM

IFRS and the new accounting guidelines? SAS 70



Posted by: SAS70ExPERT
Management, SAS 70

Finally, international accounting standards are being implemented. Even though this will cause some upfront additional expense for companies to conform, in the long run, you will be better able to evaluate the financial stability of companies worldwide. Will this mean SAS 70 audit requirements will also be international?

 

In Canada currently they have similar SAS 70 audit legislation, but in Europe they do not. If America continues to outsource our financial, medical and application processing, don’t you think that European countries should have a SAS70 audit? If you bank at Citigroup, your help desk may reside in India. Without the SAS 70 audit standard being applied in India, will your financial data be safe? Someone could steal your identity and funds from a server in India; is there enough regulation to help you, especially when you need to purchase your Christmas gifts tomorrow?

 

As we continue to become a one-world economy, we must take fundamental steps to institute standards to protect our basic financial interests. This includes requiring a SAS 70 audit to be completed by all companies in any country that provides a service. Have you as a consumer requested to see your service provider’s SAS 70 audit today? Sas70expert@gmail.com

December 2, 2008  1:52 PM

What would you pay for this USB harddrive? SAS70



Posted by: SAS70ExPERT
CFO, CIO, SAS 70, Security management

What would you pay for an eight-gigabyte USB hard drive? Some would say billions, especially if it contained your company’s financial or critical data. Every day you read about lost or stolen company data, which may be your intellectual property, credit card information, or personal medical information of your CFO. USB drives are also the fastest and surest way to give a CIO a security headache. What are you doing to protect these information assets?

 

If your company or your staff is saving company or customer data to a USB drive, you need to set standards in your security management program to protect this information. A SAS 70 audit will require you to have standards that include:

 

1)      Require that all data stored on USB drives be encrypted.

2)      Require that only USB drives that are password protected be used.

3)      Notify and train your employees on this policy and have a procedure in place which requires that an employee report lost or stolen USB drives immediately; otherwise, be prepared for “headlines” and a lawsuit.

 

Are you involved with securing your corporate data and if so, are you worried about the insecurity of USB disk drives? What measures do you have in place? Sas70expert@gmail.com

 


December 1, 2008  11:10 PM

Have you received your stimulus today? SAS70



Posted by: SAS70ExPERT
budget, SAS 70

In order to meet budgetary guidelines, you may want to ask for your handout from the US government. I know I would like to receive mine. My business is just getting started, but I could justify that if the economy had held out, I would be substantially better off. Our newly elected president is going to have a struggle, but I hope that he will find a solution.

 

By accepting a portion of the stimulus package, US companies have basically outsourced/sold part of their business. Shouldn’t that mean that more regulation is required? With any loan, more buy-back options and more oversight are required to make sure funds are managed appropriately and that contractual agreements are met. Should that include SAS 70 audits? Basically, how can we prevent frivolous use of our funds? I think SAS 70 audits are an essential part of the regulation process. Sas70expert@gmail.com


November 30, 2008  8:39 PM

What cabinet position would you want to be elected to? SAS 70



Posted by: SAS70ExPERT
Auditing, Management, SAS 70

As we begin a new election process, our President is currently in the process of deciding who will fill cabinet-level positions. Some bring foreign prestige, such as Secretary of State, and others focus more on domestic issues, such as Secretary of the Treasury. Any of these positions will require persons with decision-making ability and new imaginative ideas to manage our growing economy. If I were Director of the Office of Management and Budget, I would want to quickly define requirements to manage any new economic stimulus packages. SAS 70 audits would be a requirement that would be enclosed in any new legislation.

 

If the Federal Government and Warren Buffett are going to own much of our economy, how can we be sure that the financial transactions are processed correctly and that our personal data is kept safe? Yes! SAS 70 audits can fulfill that role.

 

Currently, we are dishing out funds at a record pace. Sometimes {sarcastically}, I wonder why we don’t give every American a printer, and tell them to print only what they need. As a taxpayer, I don’t have any idea what my return on this investment will be. When I purchase Coca-Cola stock, I know what their dividend will be. What is our return on our investment in Citigroup and AIG?

SAS 70 audits must become a fundamental requirement for almost any service organization to conduct business with the Federal Government. Do you agree? Sas70expert@gmail.com


November 27, 2008  4:37 PM

Have you been Clickjacking lately? SAS70



Posted by: SAS70ExPERT
browsers, Clickjacking, firefox, internet, internet explorer, Opera, SaaS, Safari, SAS 70, vendors

Clickjacking threatens all major internet browsers – Internet Explorer, Mozilla Firefox, Safari and Opera. What is it? Clickjacking is not when your wife takes over the remote control. It is when a browser user puts his mouse on a sign button, but a tag that the user may not see is placed under the button. When the user clicks, he then sends information to an unauthorized source. This could destroy the legitimacy of your web application or your SaaS.

 

There are several possible solutions to this hacker attack, but only with updates by the browser vendors. Firefox has a stop-gap solution in place – “NoScript.” It is a technical solution and not for everyone. If you process credit card information, your SAS 70 auditor will look to see what precautions you have taken. What measures do you have in place? Sas70expert@gmail.com


November 27, 2008  1:40 AM

Outsource with a Plan – SAS70



Posted by: SAS70ExPERT
Disaster Recovery, Monitoring, SaaS, SAS 70, Third-party services

As more businesses outsource IT to third-party services, data privacy and integrity are paramount to the success of your operations. The SaaS small and medium businesses have a responsibility to ensure your data is processed correctly and that it is kept safe. SAS 70 audits are a requirement.

Before outsourcing to save funds, make sure you have a defined plan. Without it, one small security breach of a politician’s social security number can destroy your company’s reputation and your ability to generate new business. This plan should include:

1) definitions related to service levels. You will require your vendor to have uptime of at least 99%.

2) the ability to process your information quickly. Customer access to your company website and item purchases should occur relatively fast.

3) reporting functions which give you monitoring capability and let you capture and analyze your data.

4) a Disaster Recovery plan; a single hardware failure can result in the loss of business.

SAS70expert@gmail.com


November 26, 2008  2:17 AM

Have you checked your email today? – SAS70



Posted by: SAS70ExPERT
ActiveDirectory, DataCenter, SAS 70

When considering the scope of your SAS 70 audit, do you consider email an important company asset? Would it contain critical information on your customers? 9 out of 10 times an email will contain customer financial data, executive contact information, and related gossip. Some SAS 70 audits fail to note the importance of maintaining security of company email systems.

 

Email systems must be protected from internal and external threats. Employees gaining access to others’ email, or hackers trying to break into your email servers, could walk away with critical information. Executives would not be happy when receiving notice of a lawsuit by a customer because a hacker gained the schematics of their datacenter.

 

If you are using Active Directory, perform periodic reviews of users with access to email. In addition, limit administrators to as few as possible. Make sure your user access procedures are documented, approved, and implemented for your company. Terminated employees must be removed from email access immediately. Implementing these fundamental controls will assist you in completion of your SAS70 audit. SAS70expert@gmail.com
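One way to run the periodic email access review described above, as an added example that is not part of the original post: it checks a directory export of mailbox accounts against an HR termination list and flags terminated users who still have access, overdue reviews, and excess administrators. The CSV column names, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports (not real data); column names are assumptions.
MAILBOX_EXPORT = """sam_account,enabled,mail_admin,last_review
asmith,True,False,2008-10-01
bjones,True,True,2008-03-15
cdoe,True,False,2008-11-01
dlee,False,False,2008-09-20
svc_backup,True,True,2008-01-05
"""
HR_TERMINATED = """sam_account,termination_date
cdoe,2008-11-14
dlee,2008-09-19
"""

def load(text):
    """Parse a CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def review_email_access(mailboxes, terminated, today, max_admins=1, review_days=90):
    """Return (finding, account) tuples for the controls named in the post."""
    term = {r["sam_account"].lower(): date.fromisoformat(r["termination_date"])
            for r in terminated}
    findings, admins = [], []
    for m in mailboxes:
        acct = m["sam_account"].lower()
        if m["enabled"] != "True":
            continue  # disabled accounts no longer have email access
        # Terminated employees must lose access immediately.
        if acct in term and term[acct] <= today:
            findings.append(("TERMINATED_STILL_ENABLED", acct))
        if m["mail_admin"] == "True":
            admins.append(acct)
        # Periodic review: flag accounts not reviewed within the window.
        if (today - date.fromisoformat(m["last_review"])).days > review_days:
            findings.append(("REVIEW_OVERDUE", acct))
    # Administrators should be limited to as few as possible.
    if len(admins) > max_admins:
        findings.append(("TOO_MANY_ADMINS", ",".join(sorted(admins))))
    return findings

if __name__ == "__main__":
    for finding in review_email_access(load(MAILBOX_EXPORT), load(HR_TERMINATED),
                                       today=date(2008, 11, 26)):
        print(*finding)
```

The findings list doubles as evidence for the auditor that the review was performed and what it caught.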


November 25, 2008  1:36 AM

Capacity and Utilization is No. 1 in 2008 – SAS70



Posted by: SAS70ExPERT
DataCenter, SAS 70

Even without the SAS70 requirement, capacity and utilization should be a major focus within your DataCenter environment. If you want your energy costs to be controlled, simply turn off some of your servers and desktops. The turnoff approach can result in nearly 10% decrease in power consumption for every 100 servers, says Nemertes Research. In addition, this will allow the servers in operation to have better processing performance.

Power management may be automated. Software applications will monitor power consumed and turn off equipment when the need decreases. The software will also produce power and capacity usage reports that may be used to further customize your operations.

SAS 70 audits will require you to manage your operations not only to protect your customers’ data, but to verify that your service level agreements are met. SAS70expert@gmail.com


November 17, 2008  11:23 PM

SaaS and SAS70 – SAS70ExPERT



Posted by: SAS70ExPERT
Access control, Data center operations, Management, Network, SaaS, SAS 70

As more outsourcing of applications takes place in this economy through SaaS (software-as-a-service), is Management producing cost savings? And how many SAS70s will you be required to collect: from the Data Center operations, the IT support vendor, and the application provider?

 

When you perform your cost-benefit analysis, items to consider are:

  • Who will benefit from access control for your application
  • From where will your visitors/employees/customers be connecting to your information: VPN network, cell phone or PDA, or other web-enabled device
  • Obtain more control over your licensing costs

As you develop a strategic plan to use SaaS, build fundamental close relationships with your vendors and define them carefully in your contracts. Constantly update your contracts or service level agreements to match your needs and develop tools to monitor the success of your vendor meeting your requirements.

 

SAS70 must be performed on your SaaS vendor to provide you with the reliability, confidentiality and integrity of service to be provided to you and your customers. Control objectives may be similar or different, but careful examination of the audit report should be performed in order to determine that your data is secure. SAS70ExPERT.biz


October 25, 2008  1:43 AM

Privacy issues and the SAS70 audit



Posted by: SAS70ExPERT
Management, Risk management, SAS 70, Security Program Management

Privacy as part of your Security Program Management program means adherence to trust and obligation within your company policy, standards, and procedures. SAS 70 auditors may assist you in implementing this risk management into your company standards by:

 

1.       identifying the data or information that is personal,

2.       examining the private information collected, disclosed and that should be destroyed

3.       ensuring the accountability of the private data

4.       assisting in developing policy and procedure for the risks associated with private data

 

Based on this standard, you should be able to comply with legal and compliance regulations. This would ensure that privacy standards are considered in all IT projects. SAS70ExPERT@gmail.com

