Security Basics mailing list archives
RE: SAS70
From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Wed, 18 May 2005 13:14:25 -0400
I would evaluate your organization based on ISO 17799/BS7799. Those are the general practices that are audited against and that most auditors use as criteria. You can also try looking at the isaca.org website. They might have something. Also ref SAS No. 94.

The worst that you do is "over" audit your organization. Better that than under. You may be surprised at what you find under general IT controls.

Sonja L. Robinson, CISSP, CIFI, CISA, CISM
Forensic Specialist, Digital Investigations
HIP Information Security Group
Tel: 212-806-4125
srobinson () hipusa com

-----Original Message-----
From: Steve Fletcher [mailto:safletcher () insightbb com]
Sent: Monday, May 16, 2005 6:05 PM
To: 'Security-Basics'
Subject: SAS70

I am not sure if this is the correct list for this or not, but I thought I would try this list first.

Recently, I have been tasked with assisting a company with preparing their network for a SAS70 audit. Unfortunately, I am not very familiar with the requirements for SAS70. I have done some searching, but have found very limited information on what this audit covers. I know that it is primarily a financial audit including information systems, but other than that, I have not been able to find any useful information.

I am sure that the network currently has security issues, but I am concerned with whether the issues I see are critical to fix prior to the SAS70 audit. Any information on what this covers would be greatly appreciated.

Thanks,
Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
safletcher () insightbb com