Archive: Jun 2012

PCI DSS Requirement 6.2 Risk Ranking Vulnerabilities – Is your organization ready?

The Payment Card Industry Data Security Standards (“PCI DSS”) version 2.0 dated October 2010 became effective on January 1, 2011.  There were many subtle and not so subtle changes from the previous version of the standard.  The majority of the change became effective January 1, 2011, when requirement 6.2 was only considered a “best practice” by the PCI DSS. As of June 30, 2012, requirement 6.2 will become a requirement.  With June 30 just a few days away, if your report on compliance is not in the final stages of report issuance, you need to be prepared to comply with requirement 6.2.

Read More

Integrated Audit of Financial Statements – Relevance of an SSAE 16 Report

  Over the many years, while I have been working with companies as their Independent Service Auditor to help issue their SAS 70s / SSAE 16 reports, I have also been on the other side of the fence wherein I was part of the team responsible for the Audit of the Financial Statements of a company that used the SAS 70 / SSAE 16 report.  I thought it may be useful to individuals reading this blog to get an understanding of how the SSAE 16 report links to an audit of financial statements more specifically under Sarbanes Oxley.  Since SAS 70 as a standard is no longer in existence, I will refer to only SSAE through the rest of this blog.

Read More