SAS 70

Jul 29 2008   11:51PM GMT

SAS70 audit exceptions



Posted by: SAS70ExPERT
Tags:
Auditing
CIO
Compliance
Encryption
SAS 70

As I have read many SAS 70 audit reports, my perception of the quality of audit reports is varied. As I stated in previous blogs, there are different standards with which to use to implement information technology controls; however, the SAS70 standard does not require an auditor to meet specific information security requirements. Therefore, an auditor may audit network security rather heavily or not at all. If the SAS 70 standard was changed to provide specific requirements related to IT that were to be audited, then more benchmarking of the effectiveness of controls and of the SAS 70 audit would be available. How do you feel about the quality of audit coverage of network security controls in your SAS70 audit? Sas70expert@gmail.com

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: