RE: SAS70

["Steve Fletcher" <safletcher () insightbb com>]

I found that site, but unfortunately, it didn't seem too helpful to me.

The biggest part of the problem has been that the whole idea of the SAS70
has taken me a while to accept.  I don't see the point in being able to
choose what you are audited on.  But, that is apparently how it works.....

I have received a number of helpful emails from people on this list.  I must
say, I appreciate the help I have received from all of you, both on list and
off.

Thanks,

Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
safletcher () insightbb com

-----Original Message-----
From: cel0x [mailto:celox () cyber-war org] 
Sent: Tuesday, May 17, 2005 1:52 AM
To: Steve Fletcher; security-basics () securityfocus com
Subject: Re: SAS70

Hope this helps:
www.sas70.com/about.htm

----- Original Message ----- 
From: "Steve Fletcher" <safletcher () insightbb com>
To: "'Security-Basics'" <security-basics () securityfocus com>
Sent: Tuesday, May 17, 2005 12:05 AM
Subject: SAS70


> I am not sure if this is the correct list for this or not, but I thought I
> would try this list first.
>
> Recently, I have been tasked with assisting a company with preparing their
> network for a SAS70 audit.  Unfortunately, I am not very familiar with the
> requirements for SAS70.  I have done some searching, but have found very
> limited information on what this audit covers.  I know that it is 
> primarily
> a financial audit including information systems, but other than that, I 
> have
> not been able to find any useful information.
>
> I am sure that the network currently has security issues, but I am 
> concerned
> with whether the issues I see are critical to fix prior to the SAS70 
> audit.
> Any information on what this covers would be greatly appreciated.
>
> Thanks,
>
> Steve Fletcher
> MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
> safletcher () insightbb com