Managing Risk, Compliance, and Legal Hurdles in Your MSP & Cloud Prac;ce
Size: px
Start display at page:

Download "Managing Risk, Compliance, and Legal Hurdles in Your MSP & Cloud Prac;ce"

Transcription

1 March 21-22, 2013 Orlando March World 21-22, Center 2013 Orlando Marrio8 World Orlando, Center MarrioD Florida Orlando, Florida Managing Risk, Compliance, and Legal Hurdles in Your MSP & Cloud Prac;ce

2 Julie Machal- Fulks Partner ScoD & ScoD, LLP

3 March 21-22, 2013 Orlando World Center MarrioD Orlando, Florida Cody Griffin Partner Frost, PLLC #MSPNews

4 Risk comes from not knowing what you re doing. Warren Buffet

5 What Struggles Are MSPs Facing? How to protect data covered by regulaxons governing financial insxtuxons and privacy protecxon laws How to sell services compexxvely and make a profit without running afoul of licensing requirements How to respond to audit and compliance requests from publishers and customers

6 Data Privacy and ProtecXon Pi\alls VerXcals like health care and financial services require protecxon of data stored or managed by an MSP MSPs o^en struggle with regulatory requirements like: When is a BAA required? What safeguards must be in place on managed servers How to ensure customers do not provide unnecessary access to protected data Who is responsible for collecxng data and paying when a customer experiences a data breach

7 So^ware License Audits So^ware publishers are focusing on hosxng providers Microso^ and other publishers have special licensing models for MSPs These licensing terms are o^en unclear Third- party auditors interpret the data in the light most favorable to the publisher The look- back period is usually 2-3 years

8 So^ware License Audit Demands In some instances, the required license fees consume the revenue generated from the hosxng acxvixes Demands from Microso^ and other publishers can reach millions of dollars TradiXonal business negoxaxons are o^en not effecxve

9 Lowering The Risks Research requirements for your clients and help educate them, if necessary Fully understand the license requirements affecxng you Make sure that aggressive pricing models sxll allow for unforeseen risks Secure insurance to cover as many risks as possible

10 Avoiding Costly Mistakes Train employees not to respond to any legal or compliance request without escalaxng to management Involve insurance carrier for all claims that may be covered by insurance Analyze potenxal financial exposure before responding to an audit request

11 Why do we need standards? Managed Services is an unregulated profession MSPs can say and do anything with lidle or no oversight End- users don't have effecxve tools to select MSPs Only by self- regulaxon can MSPs protect themselves and determine their own future

12 What compliance / audits are available? Unified CerXficaXon Standard for Cloud and Managed Service Providers (UCS) SSAE 16 ISAE 3402 ISO ITIL COBIT

13 UCS Developed by MSPAlliance For Cloud, Managed Service Providers, and HosXng FaciliXes Based on 10 Control ObjecXves Audit performed by Independent Public AccounXng Firm Public Report Issued CerXfied by MSPAlliance ExisXng IT standards DO NOT address the unique operaxonal aspects of managed services and cloud providers. The UCS DOES!

14 UCS Control ObjecXves Provider OrganizaXon, Governance, Planning and Risk Management Privacy Documented Policies and Procedures Data Integrity Service & Program Change Management Physical and Environmental Security Event Management Service Level Agreements, Customer ReporXng and Billing Logical Security Financial Health

15 UCS Audit Process Complete UCS ApplicaXon MSPAlliance consulxng and audit preparaxon Independent audit fieldwork and report preparaxon CerXficaXon and Report Issuance from MSPAlliance

16 Benefits of Compliance Standardized audits Free ConsulXng!!! Designed for MSPs and Cloud Providers 2 levels of audit assurance EffecXve Sales/MarkeXng Report Offers 3rd party public audit report InternaXonally accepted Industry StandardizaXon Best way to prove you are doing what you say you are doing!

Similar documents

MSP & Cloud Certification. The Ultimate Managed Services Best Practice Roadmap

MSP & Cloud Certification. The Ultimate Managed Services Best Practice Roadmap MSP & Cloud Certification The Ultimate Managed Services Best Practice Roadmap What we will cover Why we need MSP/Cloud standards The UCS Difference UCS Audit Process What's in it for you? Take the first

More information

How to Build a NOC & Help Desk Without Going Broke!

How to Build a NOC & Help Desk Without Going Broke! How to Build a NOC & Help Desk Without Going Broke! By Charles Weaver, CEO of MSPAlliance Sponsored by Summary & Objectives For companies getting into cloud or managed services, one inescapable obstacle

More information

Managed Services Contract Negotiation: How to Win More Business While Staying Safe!

Managed Services Contract Negotiation: How to Win More Business While Staying Safe! March 26 28, 2014 Orlando March World 26 28, Center 2014 Orlando Marriott World Orlando, Center Marriott Florida Orlando, Florida Managed Services Contract Negotiation: How to Win More Business While Staying

More information

Adding Cloud Solutions to Customer Contracts Robert J. Scott

Adding Cloud Solutions to Customer Contracts Robert J. Scott Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services

More information

Managed Services. Your 10-Week Guide to Becoming an MSP

Managed Services. Your 10-Week Guide to Becoming an MSP Managed Services Your 10-Week Guide to Becoming an MSP Managed services is one of the fastest-growing segments in IT services. U.S. revenues associated with the managed services market are predicted to

More information

Making Money with Cloud: Is it just a catchphrase?

Making Money with Cloud: Is it just a catchphrase? March 21-22, 2013 Orlando March World 21-22, Center 2013 Orlando Marrio8 World Orlando, Center MarrioD Florida Orlando, Florida Making Money with Cloud: Is it just a catchphrase? Ron Culler CTO Secure

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview

More information

5 Questions to ask a 3 rd Party Cloud Provider

5 Questions to ask a 3 rd Party Cloud Provider Effective Data, Inc. White Paper: 5 Questions to ask a 3 rd Party Cloud Provider By Timothy Wightman 1515 E. Woodfield Rd. Suite 200 Schaumburg, IL 60173 Tel (847) 969-9300 Fax (847) 969-9350 www.effective-data.com

More information

SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards

SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards A Member of OneBeacon Insurance Group SSAE 16 & SAS 70 A Primer on Changes to Service Organization Audit Standards Author: Jack Fletcher, Risk Control Technology Specialist Published: November 2014 Executive

More information

Secure Cloud Hosting for Healthcare Organizations

Secure Cloud Hosting for Healthcare Organizations Secure Cloud Hosting for Healthcare Organizations OUR MISSION FIREHOST MISSION Our core is an unshakable, no compromise commitment to protect our customer's digital assets with integrity and innovation

More information

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016 Understanding SOC Reports for Effective Vendor Management Jason T. Clinton January 26, 2016 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2012 Wolf & Company, P.C. Before we

More information

Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers

Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye

More information

UCS Level 2 Report Issued to

UCS Level 2 Report Issued to UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP

G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP G24: Audits of Controls at a Service Organization: New Standards SSAE 16 and ISAE 3402 Duff Donnelly and Jeffrey Spivack, Grant Thornton LLP Audits of controls at a service organization Roadmap to the

More information

Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers

Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers Weighing in on the Benefits of a SAS 70 Audit for Payroll Service Providers With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener eye

More information

The Hidden Risks: Managing Risks in Outsourcing Relationships. Bruce Jones Global IT Security, Compliance & Risk Manager Eastman Kodak Company

The Hidden Risks: Managing Risks in Outsourcing Relationships. Bruce Jones Global IT Security, Compliance & Risk Manager Eastman Kodak Company The Hidden Risks: Managing Risks in Outsourcing Relationships Brian O Connor Chief Security & Privacy Officer Eastman Kodak Company Bruce Jones Global IT Security, Compliance & Risk Manager Eastman Kodak

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,

More information

Salesforce.com and the financial services sector

Salesforce.com and the financial services sector Don t be clouded by the cloud: Salesforce.com and the financial services sector Martijn Simons Account Executive Financial Services @Martijn_On_Line In//martijn-simons Lien Ceulemans Corporate legal counsel

More information

The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011

The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011 The Changing SAS 70 Landscape Dan Hirstein Director Rebecca Goodpasture Senior Manager Deloitte & Touche LLP January 13, 2011 Table of Contents A Short History of SAS 70 Overview of SSAE 16 and ISAE 3402

More information

9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania

9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of

More information

Introduction...3. Ethics...3. Impartiality...4. Understanding the Law & Regulation...4. Confidentiality...5. Disclosure...6

Introduction...3. Ethics...3. Impartiality...4. Understanding the Law & Regulation...4. Confidentiality...5. Disclosure...6 Table of Contents Introduction...3 Ethics...3 Impartiality...4 Understanding the Law & Regulation...4 Confidentiality...5 Disclosure...6 Managed Services Expertise...6 Process, Process, Process...7 Bring

More information

Cybersecurity and the AICPA Cybersecurity Attestation Project

Cybersecurity and the AICPA Cybersecurity Attestation Project Cybersecurity and the AICPA Cybersecurity Attestation Project Chris Halterman Executive Director EY Chair AICPA Trust Information Integrity Task Force 2 October 2015 Increasing awareness of cybersecurity

More information

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com

Cloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com Cloud Computing Risks & Reality Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com What is Cloud Security The quality or state of being secure to be free from danger & minimize risk To be protected from

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations

MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS. Nick Harrahill PayPal Global Security Operations MAINTAINING COMPLIANCE AND MANAGING RISK IN OUTSOURCED ENGAGEMENTS Nick Harrahill PayPal Global Security Operations AGENDA Inception of an engagement The legal agreement Assessing the risk Customer call

More information

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA/CITP, Partner at RubinBrown, LLP Janis Parthun, CPA/CITP, Sr. Technical Manager

More information

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report

Service Organization Controls. Managing Risks by Obtaining a Service Auditor s Report Service Organization Controls Managing Risks by Obtaining a Service Auditor s Report Contributing Authors Audrey Katcher, CPA, CITP, Partner at RubinBrown, LLP Janis Parthun, CPA, CITP, Sr. Technical Manager

More information

Isaac Willett April 5, 2011

Isaac Willett April 5, 2011 Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act

More information

SOC Readiness Assessments. SOC Report - Type 1. SOC Report - Type 2. Building Trust and Confidence in Third-Party Relationships

SOC Readiness Assessments. SOC Report - Type 1. SOC Report - Type 2. Building Trust and Confidence in Third-Party Relationships Building Trust and Confidence in Third-Party Relationships Today s businesses rely heavily on outsourcing certain business tasks or functions to service organizations, even those that are core to their

More information

Harness Enterprise Risks With Oracle Governance, Risk and Compliance

Harness Enterprise Risks With Oracle Governance, Risk and Compliance Hardware and Software Engineered to Work Together Harness Enterprise Risks With Oracle Governance, Risk and Compliance Is the plethora of financial, operational and regulatory policies and mandates overwhelming

More information

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda

More information

Core Fittings C-Core and CD-Core Fittings

Core Fittings C-Core and CD-Core Fittings

More information

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

Hot Topics in IT. CUAV Conference May 2012

Hot Topics in IT. CUAV Conference May 2012 Hot Topics in IT CUAV Conference May 2012 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

More information

VMware vcloud Air Security TECHNICAL WHITE PAPER

VMware vcloud Air Security TECHNICAL WHITE PAPER TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects

More information

Our Commitment to Information Security

Our Commitment to Information Security Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as

More information

Enterprise Software Licensing

Enterprise Software Licensing Enterprise Software Licensing Presented by Julie Machal Fulks Partner Scott & Scott, LLP www.scottandscottllp.com Agenda Licensing Models Historic, Copy-centric metrics Modern, Infrastructure-centric metrics

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

The New Normal: The Expanding Role of Technology Providers in Payment Processing. Pete S. Johnson

The New Normal: The Expanding Role of Technology Providers in Payment Processing. Pete S. Johnson The New Normal: The Expanding Role of Technology Providers in Payment Processing Pete S. Johnson Recent Market Trends Affecting Role of Technology Providers Transition Brick and Mortar ecommerce Mobile

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

Information Technology Internal Controls Part 2

Information Technology Internal Controls Part 2 IT Controls Webinar Series Information Technology Internal Controls Part 2 Presented by the Arizona Office of the Auditor General October 23, 2014 Part I Overview of IT Controls and Best Practices Part

More information

(NW & IT) Security: A Global Provider s Perspective

(NW & IT) Security: A Global Provider s Perspective ECTA Regulatory Conference 2006 Workshop Data Protection, Retention and Security Issues in the Electronic Communications (NW & IT) Security: A Global Provider s Perspective 15 November 2006, Brussels Marcel

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

Strategies for Profitable Growth Ray Wright, Kaseya Dan Schlegel, Artemis IT

Strategies for Profitable Growth Ray Wright, Kaseya Dan Schlegel, Artemis IT Strategies for Profitable Growth Ray Wright, Kaseya Dan Schlegel, Artemis IT Agenda Dan Schlegel Artemis IT Managed Services Market EvoluFon Kaseya Annual Pricing Survey Driving Higher Growth Strategies

More information

Goodbye, SAS 70! Hello, SSAE 16!

Goodbye, SAS 70! Hello, SSAE 16! Goodbye, SAS 70! Hello, SSAE 16! A Session to Provide Insight on the New Standard and What Service Providers and End-Users Need to Know January 3, 2012 Agenda Introduction Background on what was SAS 70

More information

SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports

SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports SERVICE ORGANIZATION CONTROL REPORTS SM Formerly SAS 70 Reports SAS No. 70, Service Organizations Standard for reporting on a service organization s controls affecting user entities financial statements

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Hillary Clinton Email Incident: Five Lessons Learned for Information Governance

Hillary Clinton Email Incident: Five Lessons Learned for Information Governance Hillary Clinton Email Incident: Five Lessons Learned for Information Governance Soo Y Kang, IGP, CIPP/US General Counsel / Director, Consulting Division Zasio Enterprises, Inc. March 2015 June 2015 Article

More information

Compliance Managment Platform

Compliance Managment Platform Compliance Managment Platform Compliance Solutions for the Title & Settlement Industry Compliance Readiness Sustain your competitive advantage Lenders and regulators are mandating compliance as a core

More information

Securing the Cloud Infrastructure

Securing the Cloud Infrastructure EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch SSAE 16 for Transportation & Logistics Companies Chris Kradjan Kim Koch 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind,

More information

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:

More information

The OCR Audit Protocol a first look

The OCR Audit Protocol a first look The OCR Audit Protocol a first look On June 26, 2012, the Office for Civil Rights published its Audit Protocols for HIPAA Security, HIPAA Breach and Privacy at http://ocrnotifications.hhs.gov/hipaa.html.

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net

Buyer s Guide. Buyer s Guide to Secure Cloud. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.net Buyer s Guide to Secure Cloud Buyer s Guide to Secure Cloud An executive guide to outsourcing IT infrastructure and data storage using Private Cloud as the foundation. Executives derive much confidence

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Six Secrets to Negotiating Managed Services Agreements Presented by: Julie Machal Fulks

Six Secrets to Negotiating Managed Services Agreements Presented by: Julie Machal Fulks Six Secrets to Negotiating Managed Services Agreements Presented by: Julie Machal Fulks Legalese What is it? Legalese Example I am herewith returning the requested document outlining the aforementioned

More information

Private vs. Public Cloud Solutions

Private vs. Public Cloud Solutions Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper

More information

METANET and Interoute Zurich Data Centre Corporate Security & Risk Group Version 1.0 ; 4 April

METANET and Interoute Zurich Data Centre Corporate Security & Risk Group Version 1.0 ; 4 April Data Centre Quality and Security Enterprise Security Management METANET and Interoute Zurich Data Centre Corporate Security & Risk Group Version 1.0 ; 4 April Corporate Security & Risk Group (CSRG) Interoute

More information

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

About the Presenter. Presentation Objectives. SaaS / Cloud Computing Risk Management AICPA Attest Alternatives

About the Presenter. Presentation Objectives. SaaS / Cloud Computing Risk Management AICPA Attest Alternatives SaaS / Cloud Computing Risk Management AICPA Attest Alternatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter

More information

Computer Security Auditing

Computer Security Auditing Computer Security Auditing Fundamentals of A Security Audit Bill Hayes - Omaha World Herald Company Computer Security Audits Security Audit Definition Security Policies Security Audit Standards Security

More information

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL JANUARY 2013 TABLE OF CONTENTS Introduction... 1 Before the Three Lines: Risk Management Oversight and Strategy-Setting...

More information

A Case for Managed IT Services

A Case for Managed IT Services A Case for Managed IT Services How Community Banks Can Stabilize Information Technology And Assure Bank Examination Readiness Inside this White Paper Bank s Strategic Advantages Top Reasons to Hire MSP

More information

Call Centers and the Cloud

Call Centers and the Cloud Call Centers and the Cloud 2 Call Centers and the Cloud Call centers may be one of the highest benefited industries from the cloud. Cloud computing has become an instrumental part within many different

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Compliance, Audits and Fire Drills: In the Way of Real Security?

Compliance, Audits and Fire Drills: In the Way of Real Security? Compliance, Audits and Fire Drills: In the Way of Real Security? Mark Estberg and John Howie Microsoft Corporation Session ID: SP01-203 Session Classification: Intermediate Introduction Microsoft s Global

More information

Why can you trust Google?

Why can you trust Google? Why can you trust Google? Przemek Sienkiewicz Head of Enterprise CEE, Russia & CIS Why is Security So Tough? Data Problem: Users want to access their data anytime, from anywhere 60% 1-out-of-10 66% of

More information

Cloud Computing and HIPAA Privacy and Security

Cloud Computing and HIPAA Privacy and Security Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &

More information

Third party assurance services

Third party assurance services TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent

More information

StratusLIVE for Fundraisers Cloud Operations

StratusLIVE for Fundraisers Cloud Operations 6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace

More information

SECURITY AND EXTERNAL SERVICE PROVIDERS

SECURITY AND EXTERNAL SERVICE PROVIDERS SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

COMMUNICATIONS ALLIANCE LTD

COMMUNICATIONS ALLIANCE LTD COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE

More information

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP 2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug

More information

What does HIPAA Compliant mean? Session 137 April 15, 2015

What does HIPAA Compliant mean? Session 137 April 15, 2015 What does HIPAA Compliant mean? Session 137 April 15, 2015 Dana DeMasters, MN, RN, CHPS Privacy/Security Officer Liberty Hospital Tom Walsh, CISSP President & CEO tw-security DISCLAIMER: The views and

More information

{Moving to the cloud}

{Moving to the cloud} {Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have

More information

AVANTGARD PREDICTIVE METRICS WHITE PAPER HOW STATISTICAL MODELS CAN HELP NAVIGATE THE FUTURE OF MEDICAL DEBT COLLECTIONS

AVANTGARD PREDICTIVE METRICS WHITE PAPER HOW STATISTICAL MODELS CAN HELP NAVIGATE THE FUTURE OF MEDICAL DEBT COLLECTIONS AVANTGARD PREDICTIVE METRICS WHITE PAPER HOW STATISTICAL MODELS CAN HELP NAVIGATE THE FUTURE OF MEDICAL DEBT COLLECTIONS Introduction In the US, providers are seeing their debt accumulate due to regulation

More information

Past vs. Present: Third Party Risk

Past vs. Present: Third Party Risk Past vs. Present: Third Party Risk Kevin O Sullivan and Hicham Chahine 3 rd Party Risk, Crowe Horwath LLP April 30th, 2015 Agenda Drivers pushing Third Party Risk Past vs. Present Events and Trends Vendor

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)

More information

Cloud Computing: Compliance and Client Expectations

Cloud Computing: Compliance and Client Expectations Cloud Computing: Compliance and Client Expectations February 15, 2012 MOSS ADAMS LLP 1 TODAY S PRESENTERS Moderator Kevin Villanueva, CPA, CISA, CISM, CITP, CRISC Sr. Manager, Infrastructure and Security

More information

The Keys to the Cloud: The Essentials of Cloud Contracting

The Keys to the Cloud: The Essentials of Cloud Contracting The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb

More information

Auditing Software as a Service (SaaS): Balancing Security with Performance

Auditing Software as a Service (SaaS): Balancing Security with Performance Auditing Software as a Service (SaaS): Balancing Security with Performance Goals for Today Defining SaaS (Software as a Service) and its importance Identify your company's process for managing SaaS solutions

More information

Results Oriented Change Management

Results Oriented Change Management Results Oriented Change Management Validating Change Policy through Auditing Abstract Change management can be one of the largest and most difficult tasks for a business to implement, monitor and control

More information

Specialist Cloud Services. Acumin Cloud Security Resourcing

Specialist Cloud Services. Acumin Cloud Security Resourcing Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information