MasterCard Site Data Protection Program (SDP) | Attention Merchants | PCI DSS

charles denyer — Mon, 24 Aug 2009 16:33:26 -0400

MasterCard is now requiring both Level 1 and Level 2 Merchants to undertake an annual on-site assessment by a Qualified Security Assessor, known as a QSA. This is significant because there are a large number of Merchants that used to able to "self assess" with a self assessment questionnaire. This is no longer the case and merchants will have to become compliant with this new provision by December 31, 2010.

PCI Merchant Levels | What You Need to Know about PCI DSS Compliance

charles denyer — Wed, 08 Jul 2009 08:07:35 -0400

For Merchants, there are essentially four (4) levels that any organization may fall into regarding compliance. If you fall into the Level 1 category, then be prepared to have an actual on-site Payment Card Industry Data Security Standards (PCI DSS) assessment conducted. The same can be said for Service Providers who have been identified as a Level 1.

Follow these helpful links for learning all you need to about about the varying levels of compliance and what their specific requirements are:

SAS 70 Sample Report | Obtain an Example SAS 70 Type II Report to Learn about SAS 70 Audits

charles denyer — Mon, 06 Jul 2009 11:33:23 -0400

Obtaining a sample SAS 70 Type II Report is quite simply the best and most practical way to truly learn and understand what a SAS 70 audit encompasses. Many service organizations today are having to comply with the growing surge of regulatory compliance mandates, and SAS 70 Type II compliance is quickly becoming one of the most common and well-recog

Comment on Node ant

charles denyer — Fri, 15 May 2009 15:35:23 -0400

great blog on sas 70

SAS 70 Audits | Advice on Scoping for Type I or Type II SAS 70 Compliance

charles denyer — Fri, 15 May 2009 15:34:25 -0400

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

SAS 70 Certification | Expert Advice on Pricing and Audit Scope | Type I and Type II Audits

charles denyer — Thu, 07 May 2009 16:43:39 -0400

SAS 70 certification (more technically known as SAS 70 "compliance") is gaining momentum and recognition in many industries today. The growth of regulatory compliance, security and governance has pushed SAS 70 audits to the forefront of business, and it's not going away. Rather, we will continue to see a upswing in SAS 70 audits performed on organizations along with growth in almost any type of audit or assessment revolving around internal controls.

PCI Merchant Levels for VISA | Expert Advice from a PCI DSS Assessor

charles denyer — Fri, 10 Apr 2009 21:38:44 -0400

Listed below ar the PCI Merchant Levels for VISA.

SAS 70 Control Objectives | Expert Advice from a SAS 70 Auditor

charles denyer — Wed, 01 Apr 2009 15:32:39 -0400

SAS 70 control objectives are essentially the statements and assertions that your organization is adhering to for purposes of a SAS 70 audit. In simpler terms, they are the cornerstone of the audit that help frame the overall auditing process that is undertaken. Thus, whatever your control objective states, your organization should be able to prove that very assertion.

SAS 70 Control Objectives | Expert Advice from a SAS 70 Auditor

charles denyer — Wed, 01 Apr 2009 15:30:39 -0400

SAS 70 control objectives are essentially the statements and assertion that your organization are adhering to for purposes of a SAS 70 audit. In simpler terms, they are the cornerstone of the audit that help frame the overall auditing process that is undertaken.

A number of best of breed, predefined control objectives are currently utilized by CPA firms who conduct SAS 70 audits. Sure, they may differ in how they are actually stated, but in reality, they "should" be similiar in application.

SAS 70 Controls for Type I and Type II Audits | What you Need to Know

charles denyer — Sun, 29 Mar 2009 09:06:16 -0400

As a SAS 70 auditor, i'm often asked about SAS 70 controls, that is, what are they, how do you develop them, are their industry benchmarks and best of breed controls currently in use, etc.? All good questions, no doubt. However, with that said, there are a number of key themes you need to be aware of regarding SAS 70 controls, and they are: