Nov 17 2008 11:23PM GMT
Posted by: sas70expert
As more applications are outsourced in this economy through SaaS (software-as-a-service), is management producing cost savings? And how many SAS70s will you be required to collect? From the data center operations, the IT support vendor, and the application provider?
When you perform your cost-benefit analysis, items to consider are:
- Who will benefit from access control for your application
- From where your visitors/employees/customers will be connecting to your information: VPN, cell phone or PDA, or other web-enabled device
- Obtaining more control over your licensing costs
As you develop a strategic plan to use SaaS, build close relationships with your vendors and define them carefully in your contracts. Constantly update your contracts or service level agreements to match your needs, and develop tools to monitor how well your vendor is meeting your requirements.
A SAS70 audit must be performed on your SaaS vendor to provide you with assurance of the reliability, confidentiality and integrity of the service to be provided to you and your customers. Control objectives may be similar or different, but you should examine the audit report carefully in order to determine that your data is secure.
SAS70ExPERT.biz
Jul 24 2008 1:36AM GMT
Posted by: sas70expert
“Do you understand what impact the outsourced vendor has on your financial stability?” says a SAS 70 auditor. If they fail to make payroll on Friday or if your data center fails, what effect will that have on your operations? So as not to be “asleep at the switch,” make sure you understand the vendor’s operations and the risks involved. Here are 10 essential specifications that you should have in your service level agreement with your outsourced vendor:
1) Data encryption and protection – Determine what your vendor is doing from an information technology perspective to protect your information. Are they using applications that have security built in? Do they have firewalls?
2) Physical security – Review and management of access to buildings and data is critical to protecting information technology assets. Tight control must be maintained in order to prevent identity theft and loss of valuable equipment, like exchange servers, racks, and hard drives. Each employee should have ID, preferably biometric, and you should log entry into and egress from facilities.
3) Environmental security – Make sure your data is not only locked in the safe room, but that the environment in the room provides essential protections. Do they have fire extinguishers? Temperature control? Air conditioners? Etc.
4) Confidentiality agreements – Require your business partner/vendor to sign confidentiality agreements/non-disclosure agreements to prevent loss of trade secrets, data, and patents.
5) Employee training – Policies are useless unless your employees and vendors are trained and aware. Provide all vendors with awareness training on your requirements for processing your information or providing you with services.
6) Employee background investigations – Require them. You want to make sure that the person responsible for managing your money is not a convicted felon. They must have a review of their work history and a validation of their skills.
7) Lastly, management of vendors – After you have given your requirements to your vendor, how do you know they stay in compliance? A SAS 70 audit is required.
Jul 11 2008 6:26PM GMT
Posted by: sas70expert
When I Google today on SAS70? Wow, I have so many choices. With the rankings of companies, it is confusing and perplexing, and I am not even on the first page. How do I get there without breaking the bank? I have read some on the Google site about it and it has left me wanting more. Just like you, I am searching for ways for companies to recognize me and my site, and I want to follow the rules so that I can get my site visited. One way is to spend, spend, spend. An SEO consulting firm can get you to the top of the page, but it will take a substantial investment. A beginning company may not want to invest big dollars yet, but there have to be other ways to build brand awareness without selling the computer. Have you hired an SEO consultant? What are your experiences? What are some key things that I should be looking for?
Jul 1 2008 5:45PM GMT
Posted by: sas70expert
It’s an election year, and security to protect some of our most valuable assets is being discussed more frequently, including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage the risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in your information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?
SAS70expert@gmail.com
Jun 30 2008 3:19AM GMT
Posted by: sas70expert
Can we believe all the hype? Is there a green revolution afoot? From cars to energy to datacenters, everyone is going green. Datacenters have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere requires more capacity and increasing speeds from datacenter components. What steps are you taking to become green?
Jun 28 2008 1:33AM GMT
Posted by: sas70expert
As you complete that CISSP or CISA designation and move up the corporate ladder, do you have the right skills to begin making decisions as CSO or CIO? Even if you have a great understanding of IT operations (networking, disaster recovery, datacenter management), compliance (SAS70, WebTrust, SysTrust, SOX), and leadership (project management, financial budgeting and administration), if you don’t communicate effectively you will not make the list. IT leaders can write and speak until they are red in the face; however, if they are unable to speak general business language, the business audience will not support their IT objectives or provide funding. Some of the more important skills to have as CSO or CIO are:
- Communicate effectively
- Lead during a disaster
- Provide an IT strategy
What are the important skills that a CSO or CIO must have to be a success? As a team leader? To build Board support? To be an effective information technology project manager/business leader? To build another Google, Microsoft Windows, or Email Exchange?
SAS70ExPERT@gmail.com