IT Audit & Assurance Services
SAS 70 Is Dead: Hello Better Cloud Governance?
WHITE PAPER
What’s Next after SAS 70?
What User Entities Need to Know about Managing Outsourcing and Cloud Risks
Daniel Schroeder, HA&W Partner
GAPP Targets Privacy Risks - Principles provide a comprehensive,
scalable framework for managing compliance and reputation threats
The more IT is leveraged, the greater the risk it represents. You need
to be able to trust that your IT services are cost-effective,
secure, reliable, and compliant with regulatory or your
clients’ requirements. HA&W will help you answer
the “trust” question so you and your stakeholders
have the confidence to support your business goals.
Our areas of focus and expertise include the following:
- IT Governance/IT for Enterprise Risk Management.
Many companies are caught up in a tangle of IT controls
and not sure if they are all necessary. HA&W helps
companies understand all their IT-related risks, including
those from third parties, and compliance requirements, and
then deploy right-sized, cost-effective approaches to control
these risks. Benefits include significantly reduced effort
and fees associated with testing controls, and more confidence
that all risks are identified and controlled consistent
with their inherent risk.
- Service Organization Controls (SOC): SAS 70/SSAE 16 and attestation
for Security, Privacy, Confidentiality, Processing Integrity
and Availability. We will help you consider
the reporting alternatives and work with you to issue
a report that is best suited to your business.
- Security & Privacy. HA&W will help you identify
security weaknesses related to management practices and
network design and management. Our knowledgeable professionals
can help you navigate the gauntlet of regulatory compliance
requirements specific to your industry while installing
foundational frameworks to ease your ongoing compliance
efforts.
- IT Due Diligence and Project Management to Improve Business
Performance. We will help you through the risky
and complicated process of upgrading or replacing your
business applications and supporting infrastructure to
improve business performance and reduce costs.
- Network and Security Vulnerability Assessments. HA&W
will evaluate network, system, and web-based security
threats and vulnerabilities to determine whether your
high-value accounts and information can be readily compromised.
- Data Assurance and Attestation. We will help you
design and deploy comprehensive, sustainable, and cost-effective
data assurance solutions that minimize risks of data leakage
even while streamlining business processes.
- IT Audit/IT Internal Audit. We will provide you
with accurate insight into the risks and opportunities
inherent in any level of your IT infrastructure, at the
level of the application or business system, the operating
system, and the database.
- Privacy Management. HA&W will help you manage
your privacy risks through a full range of privacy management
services, including privacy strategic and business planning,
privacy gap and risk analysis, benchmarking, privacy policy
design and implementation, performance measurement, and
independent verification of privacy controls, which includes
attestation engagements.
- Payment Card Industry (PCI) Compliance.
HA&W professionals will assist you every step
of the way, from completing a Payment Card Industry Data
Security Standard Self Assessment Questionnaire (PCI-DSS-SAQ)
to assistance with an assessment by a Qualified Security
Assessor (QSA). We are experienced with Level 1, 2 and
3 merchants as well as large PCI service providers and
offer turnkey compliance project management, from the
initial data discovery efforts to securing the final Report
on Compliance (ROC).