
Farlega’s Blogs


Security Assurance

Published: Mon, 07/26/2010 - 10:00
By: admin

SAS 70 – Why Should You Care?

SAS 70.  What do these words mean to you?  SAS 70 is becoming a more and more common term these days.  Initially SAS 70 examinations were mostly obtained by payroll processors and others providing financial processing services, but today a SAS 70 report has become a way to differentiate yourself and is expanding to industries such as data centers and mail processors.
 
Why should you care, you ask?  Because SAS 70 is becoming the standard in many markets and is required by various regulations.  Many organizations do not consider service providers that do not have a current SAS 70 report.  Financial institutions are required to review the SAS 70 report from any service organization that provides a critical financial function or has access to the bank’s customer data.  In addition, companies that are subject to GLBA, HIPAA, and Sarbanes-Oxley regulations must evaluate the effectiveness of their service providers’ controls. SAS 70 provides an independent evaluation of the service provider’s internal controls, so that client companies do not have to perform a separate assessment and the provider does not have to respond to multiple audit requests.  This can save both service providers and client companies significant capital.

The SAS 70 report provides your clients with evidence of internal controls, and demonstrates management’s commitment to internal control standards.  SAS 70 reports are widely accepted; they include a review of internal controls and related business processes, and can satisfy most regulations and audit requests.  A SAS 70 report is a great step to increase market potential and growth, and can set a company apart from its competitors.

The PCI Data Security Standards — Imagine Operating Without Credit Cards

Like most companies, colleges and universities are utilizing credit card transactions as a means to do business, particularly for tuition and other student payments. It is convenient for the consumer and relatively cost-effective for the organization. Unfortunately, the cost of “business as usual” is about to change.

Over the years, the payment card companies have footed the bill for credit card theft and fraudulent activity. Hackers were merely a nuisance to the overall bottom line. However, the hacker’s modus operandi has shifted from simple website defacements for bragging rights and “onesy twosy” identity thefts to organized crime syndicates profiting from data theft and black market sales of cardholder data, all of which is costing the card companies millions each year. In response, the card companies are looking to transfer some of these costs to organizations that don’t have the minimum security baselines in place to protect cardholder data. Enter the Payment Card Industry Data Security Standards (PCI DSS).

What is PCI?

PCI DSS is a set of security standards created by Visa Inc., Discover Financial Services, JCB International, MasterCard Worldwide and American Express to help protect cardholders from the increasing number of identity theft and other security incidents. There are 12 key security requirements; however, several steps need to be taken to achieve compliance.

Who needs to comply?

All organizations that accept, process, transmit, or store credit card data. To date, credit card issuers (Visa, MasterCard, etc.) have focused compliance on larger merchants and processors even though the compliance requirement date for companies has passed. Due to recent increases in identity theft incidents, the card issuers have moved to enforcing full compliance.

What are the compliance levels?

 Level    Definition (# of Transactions Annually)    SAQ – Self Assessment Questionnaire    Network Security Scan by an ASV    On-Site Audit by QSA