SAS 70 » management software

Making the Outsourcing Decision – SAS 70

SAS70ExPERT — Wed, 17 Sep 2008 23:06:47 +0000

When deciding to outsource information technology to third-party services, Executive management should conduct an analysis to evaluate available options and determine if the vendor capabilities aligns with corporate objectives. First, determine what the driving factors that require you to outsource are – is it simple economics, as cost of technology for your industry is beyond your reach, or do you not have the internal talent to manage an entire network infrastructure. By identifying the company specific strategic drivers for outsourcing, you will be able to quickly weed away the inept vendors.

When selecting the outsourced vendor, carefully screen each vendor to determine if they have the necessary expertise to perform on time and after hours when emergencies occur. Don’t just go to lunch with the local sales representative and expect him to be there when an emergency occurs. Be sure to get all guarantees in writing, and a service level agreement is required. Due diligence is required to understand and compare the capabilities in order to meet corporate objectives. sas70expert@gmail.com

Do you need the Secret Service to guard your data? – SAS70

SAS70ExPERT — Tue, 01 Jul 2008 17:45:52 +0000

It’s election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?SAS70expert@gmail.com

Are you ready to make decisions as CSO or CIO? – SAS70

SAS70ExPERT — Sat, 28 Jun 2008 01:33:52 +0000

As you complete that CISSP or CISA designation and move up the corporate ladder, do you have the right skills to begin making the decisions as CSO or CIO? Even if you have a great understanding of IT operations(networking, disaster recovery, datacenter management), compliance(SAS70, Webtrust, Systrust, SOX), and leadership(Project management, financial budgeting and administration), if you don’t communicate effectively you will not make the list. IT leaders can write, speak until they are red in the face; however, if they are unable to speak general business language, the business audience will not support their IT objectives or provide funding. Some of the more important skills to have as CSO or CIO are:

Communicate effectively
Lead during a disaster
Provide an IT strategy

What are the important skills that a CSO or CIO must have to be a success? As a team leader? To build Board support? To be an effective information technology project manager/business leader? To build another Google, Microsoft Windows, or Email Exchange?

SAS70ExPERT@gmail.com

What’s your data loss prevention strategy? – SAS70

SAS70ExPERT — Thu, 26 Jun 2008 04:30:32 +0000

Are you reviewing you firewall rules quarterly? Have you implemented an (IDS) intrusion detection system? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of dollars that should have been spent on IT projects. You should at least have an emergency plan in place when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.