Blog Posts Tagged with "SSAE 16"
Third Party Service Providers and PCI Compliance
September 25, 2012 Added by:PCI Guru
If a third party is providing your organization a service that has access to your cardholder data environment (CDE) or the third party could come into contact you’re your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements...
Comments (3)
SOC 2: The Customer Security Questionnaire Killer
May 07, 2012 Added by:Jon Long
User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...
Comments (0)
Cloud Security: Forecast Sunny with Possibility of Showers
April 04, 2012 Added by:Fergal Glynn
Even as companies are adapting to this new paradigm, there are growing concerns about the safety of their data in the cloud. Incidents at cloud service providers like Dropbox highlight dangers of storing information in the cloud...
Comments (0)
SSAE 16 "First to Fail"?
December 27, 2011 Added by:david barton
So if First to File® is in the business of document management, how do their services have any relevance to a user entity’s financial statements? They are merely storing intellectual property (IP) in a web-based environment for their customers...
Comments (0)
SSAE 16 is NOT SOC 2
December 22, 2011 Added by:david barton
Just when I thought things were getting better, along comes a press release that is wrong on so many levels I don’t even know where to begin. First, SSAE 16 is not a certification. Secondly, SOC 2 is totally unrelated to SSAE 16, which is specific guidance for conducting SOC 1 reviews...
Comments (2)
SOC 2 for Cloud Computing
October 09, 2011 Added by:Chris Schellman, CPA, CISSP, PCI QSA
SOC 2 reports allow cloud providers to communicate information about their services and the suitability of the design and operating effectiveness of their controls to prospective and existing customers in a well-known format that is nearly identical to an SSAE 16 report...
Comments (2)
Why Data Centers Need SSAE 16
September 29, 2011 Added by:Chris Schellman, CPA, CISSP, PCI QSA
SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...
Comments (4)
Why Data Centers Don't Need SSAE 16
August 24, 2011 Added by:david barton
I agree that DCs provide certain fundamental general controls that may impact the systems that are maintained there. But even those general controls do not constitute Internal Controls over Financial Reporting (ICFR) which is clearly a requirement for performing a SOC 1 (SSAE 16) review...
Comments (9)
SAS 70 Is Dead!
November 15, 2010 Added by:PCI Guru
The good news is that, for the most part, SSAE 16 and ISAE 3402 are essentially the same. There are a few differences that are important to financial auditors and lawyers, but should not have an impact on people relying on these reports for PCI compliance or other purposes...
Comments (3)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)