Blog Posts Tagged with "SSAE 16"

Ee445365f5f87ac6a6017afd9411a04a

What Magneto's Helmet and Non-ICFR SSAE 16 Controls have in Common

July 04, 2013 Added by:Jon Long

Recently I have had opportunities to observe several auditors defend why they believe the controls contained in their client's SSAE 16 reports are relevant to internal controls over financial reporting (ICFR).

Comments  (0)

Ee445365f5f87ac6a6017afd9411a04a

Irregardless, Begs the Question, and SSAE 16 Certified

June 04, 2013 Added by:Jon Long

"Irregardless" is not a word, and is not a substitute for irrespective or regardless. "Begging the question" is a logical fallacy, not a substitute for "...which raises the question...", and there is no such thing as an "SSAE 16 certification".

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Third Party Service Providers and PCI Compliance

September 25, 2012 Added by:PCI Guru

If a third party is providing your organization a service that has access to your cardholder data environment (CDE) or the third party could come into contact you’re your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements...

Comments  (3)

Ee445365f5f87ac6a6017afd9411a04a

SOC 2: The Customer Security Questionnaire Killer

May 07, 2012 Added by:Jon Long

User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Cloud Security: Forecast Sunny with Possibility of Showers

April 04, 2012 Added by:Fergal Glynn

Even as companies are adapting to this new paradigm, there are growing concerns about the safety of their data in the cloud. Incidents at cloud service providers like Dropbox highlight dangers of storing information in the cloud...

Comments  (0)

8fcd3af85e00d8db661be6a882c6442b

SSAE 16 "First to Fail"?

December 27, 2011 Added by:david barton

So if First to File® is in the business of document management, how do their services have any relevance to a user entity’s financial statements? They are merely storing intellectual property (IP) in a web-based environment for their customers...

Comments  (0)

8fcd3af85e00d8db661be6a882c6442b

SSAE 16 is NOT SOC 2

December 22, 2011 Added by:david barton

Just when I thought things were getting better, along comes a press release that is wrong on so many levels I don’t even know where to begin. First, SSAE 16 is not a certification. Secondly, SOC 2 is totally unrelated to SSAE 16, which is specific guidance for conducting SOC 1 reviews...

Comments  (2)

09c2ababe8c6cf526240b751ff11acaa

SOC 2 for Cloud Computing

October 09, 2011 Added by:Chris Schellman, CPA, CISSP, PCI QSA

SOC 2 reports allow cloud providers to communicate information about their services and the suitability of the design and operating effectiveness of their controls to prospective and existing customers in a well-known format that is nearly identical to an SSAE 16 report...

Comments  (2)

09c2ababe8c6cf526240b751ff11acaa

Why Data Centers Need SSAE 16

September 29, 2011 Added by:Chris Schellman, CPA, CISSP, PCI QSA

SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...

Comments  (4)

8fcd3af85e00d8db661be6a882c6442b

Why Data Centers Don't Need SSAE 16

August 24, 2011 Added by:david barton

I agree that DCs provide certain fundamental general controls that may impact the systems that are maintained there. But even those general controls do not constitute Internal Controls over Financial Reporting (ICFR) which is clearly a requirement for performing a SOC 1 (SSAE 16) review...

Comments  (9)

Fc152e73692bc3c934d248f639d9e963

SAS 70 Is Dead!

November 15, 2010 Added by:PCI Guru

The good news is that, for the most part, SSAE 16 and ISAE 3402 are essentially the same. There are a few differences that are important to financial auditors and lawyers, but should not have an impact on people relying on these reports for PCI compliance or other purposes...

Comments  (3)