TechSecure Holdings Inc. – Latest News
ISAE 3402 will soon replace SAS 70, but has it reached the ISO/IEC 27001 Class yet?
We recently reviewed ISAE 3402, the new and improved service manager audit standard slated to supersede SAS 70. These audit standards are beginning to look more and more like ISO, but they are not yet at the same level as ISO.
Additional controls should include the following:
- A10.3.2 System acceptance
- A10.9 Electronic commerce services
- A10.10.1 Audit logging
- A10.10.3 Protection of log information
- A10.10.4 Administrator and operator logs
- A10.10.5 Fault logging
- A12.1 Security requirements of information systems
- A12.1.1 Security requirements analysis and specification
- A12.2 Correct processing in applications
- A12.4 Security of system files
- A12.5 Security in development and support processes
- A15.2.2 Technical compliance checking
At TechSecure Holdings Inc. our approach has been to take ISO/IEC 27001:2005 and integrate ISO/IEC 9001:2008 product realization methodology, incorporating Installation, Operational, Design, and Performance Qualifications to drill down to the SOP for Acceptance Criteria.
The testing and validation before formal acceptance would include some or all of the controls listed here, plus more specific tests depending on results from the threat-risk assessment and any vulnerabilities discovered at that time.
If you would like to know more about our services, please feel free to contact our Service Representative or download the TechSecure Technology Services Brochure at your next opportunity.