Presentation: The Demise of SAS 70 - What's Next?


1 Presentation: The Demise of SAS 70 - What's Next? September 15, Presenters: Jeffrey Ziplow - Partner, BlumShapiro; Jennifer Gerasimov - Senior Manager, Deloitte.

2 SAS 70 Background and Overview; Purpose of a SAS 70; SAS 70 Myths; AICPA Trust Services; SSAE 16 Terminology; Similarities Between SAS 70 & SSAE 16; Differences Between SAS 70 & SSAE 16; SOC 2 & 3 Principles & Reporting Overview

3 The Demise of SAS 70. The Death of SAS 70. The Birth of SSAE 16. A Realignment of SAS 70 to SSAE 16.

4 An auditing standard developed by the American Institute of Certified Public Accountants (AICPA). Audit standard adopted by AICPA in 1992. End product is SAS 70 Report - with an opinion. Allows 3rd party service organizations to demonstrate they have adequate controls/safeguards. Between , Limited use. Sarbanes-Oxley Act of 2002 revived SAS 70 Auditing Standard. Since 2002, most widely recognized and used internal controls auditing standard.

5 SAS No. 70 provides the requirements and guidance for CPAs reporting on controls at service organizations and for user auditors auditing the financial statements of user entities that use a service organization.

6 Type I Audit: Report on design of controls. Controls are for a point in time (e.g. 9/15/2010). Limited value. Type II Audit: Report on tests of operating effectiveness. Controls tested over an agreed period (6 months). Most organizations want this type of report.

7 SAS 70 is produced as a result of an audit performed by a CPA to report on the processing of transactions by a service organization. Over time the use of a SAS 70 report has changed. Used as a marketing tool. Provides an independent validation/assurances of a service organization to potential clients. It allows the third-party service providers to have one audit and share the results with all of its clients... but this was not the original purpose or intention!

8 The classes of transactions in the entity's operations that are significant to financial statements. The procedures, both automated and manual, by which the entity's transactions are initiated, recorded, processed and reported are under the control of an organization separate from the reporting entity. The occurrence of a transaction that is included in the entity's financial statements does not begin and conclude under the entity's control. The relevant accounting records, whether electronic or manual, supporting information, and specific accounts in the financial statements involved in initiating, recording, processing and reporting the entity's transactions are under the control of the outsourcer.

9 It's a technology audit only. I have to do a Type I before a Type II. It's an audit with a Pass/Fail status. I only need to do a SAS 70 Audit once. Should be used for all types of service organizations in all situations. SAS 70 is a Certification.

10 SysTrust, WebTrust. Trust Services: Security, Availability, Processing Integrity, Confidentiality, Privacy.

11 The globalization of information technology and increase in business process outsourcing. A highly demanding and changing regulatory environment. U.S. convergence with international standards. Better structure with more consistent standards**

12 Topic, Terminology, SSAE 16. SSAE 16 Guidance: Reports on controls at service organizations will now be performed and issued under SSAE 16. A SAS 70 report will no longer exist.
Effective Date: Periods ending on or after June 15,
Scope: Specific to covering internal control over financial reporting.
Additional Guidance: AICPA Practitioner Guide issued June
Practitioner guide will be usable for both the US and International standards and provide information for practitioners and service organizations.

13 New Standards & Options
Service Org Control 1 (SOC 1): SSAE 16, Service auditor guidance. Restricted Use Report (Type I or II Report). Purpose: Reports on controls for F/S audits.
Service Org Control 2 (SOC 2): AT 101. Generally Restricted Use Report (Type I or II Report). Purpose: Reports on controls related to compliance or operations.
Service Org Control 3 (SOC 3): AT 101. General Use Report (w/ public seal). Purpose: Reports on controls related to compliance or operations.
Historically SAS 70 Reports. Trust Services Principles & Criteria.

14 Issuance of Type 1 and Type 2 reports. Management is responsible for the description of the system. Management to specify control objectives. Requirement for management to design and implement controls that achieve the control objectives. Disclosure of complementary user entity controls (UCCs). Carve out and inclusive method of reporting for subservice organizations. Management to provide representation letter. Restricted Use Report. Ability to include information in a separate section (i.e. Section 4).

15 Change / Result of the Change
1. Form of Standard - Auditing Standard to an Attest Standard
2. Applicability of Report - Specific to internal control over financial reporting
3. Type 2 Report to cover a period rather than point in time - The opinion will now include coverage throughout the period for design (new), implementation (new), and operating effectiveness
4. Cannot use prior-year evidence to determine operating effectiveness of controls - Auditor may not reduce tests of controls below the minimum standards (AU350) based on the results from the prior year
5. Clearly identify work performed by Internal Audit function in description of tests of controls - Description of tests of operating effectiveness needs to include description of Internal Audit's work and Service Auditor's procedures over Internal Audit's work (not applicable for direct assistance)

16 Change / Result of the Change
6. Service Auditor to investigate the nature and cause of any deviations and whether these were caused by intentional acts. Cannot disclaim deviation as isolated. - Previous standard allowed disclaiming of deviations as isolated incidents - New consideration of intentional acts
7. Identify risks that threaten the achievement of control objectives - Management needs to identify risks that are included in the evaluation of the design of controls and development of control objectives [refer to sample at Appendix C]
8. Requirement to assess suitability of criteria - Management needs to select suitable criteria to prepare description of systems and to evaluate whether controls have been designed, implemented and operating effectively.
9. Management is required to provide a written assertion - Management needs to have a basis to support their assertion [refer to sample at Appendix A]
10. Subservice organizations are required to provide a similar assertion when the inclusive method is used - Inclusive subservice organization needs to also provide an assertion that is included in the report (inclusive method only)

17 One of the most significant changes is the requirement for management to provide a written assertion. Assertion will be included in the report - either attached to or part of the description of the service organization's system. Management will need to have a reasonable basis for making the assertion. The Standards provide some flexibility in actual procedures performed by management. Risk Assessment - Service organization management must identify risks that threaten the achievement of the control objective.

18 Level of Assertion: No Basis / Ongoing Monitoring / Separate Evaluations / SOX Testing (the last three: Reasonable basis for management's assertion*)
Example Procedures
No Basis: Service auditor performs testing and issues report
Ongoing Monitoring: Management reporting and other oversight activities; Management risk assessment
Separate Evaluations: Internal Audit testing/monitoring; Independent regulatory exam; Independent risk assessment
SOX Testing: Management or independent assessment of operating effectiveness
Supporting Documentation
No Basis: None
Ongoing Monitoring: Management monitoring documentation; Management risk assessment documentation
Separate Evaluations: Regulatory reporting; Internal Audit reporting; Independent risk assessment results
SOX Testing: Testing evidence for the operating effectiveness

19 Use of Internal Audit: When using the support of Internal Audit for controls testing, there are new requirements related to the reporting of the use of Internal Audit within Section 3 of the report.
Subservice Organizations: Carve Out - It's expected that the Service Organization will do something; they can't just turn a blind eye. Inclusive - Subservice organization has to provide both an assertion (to be included in the report) and representation letter.
User Entities / User Auditors: Education and notice to user entities. Potential for refinement of user contracts. An SOC 1 report is strictly for the processing of transactions related to ICFR. Recommended Reading from ISACA: New Service Auditor Standard: A User Entity Perspective.
Changes to the SOC 1 Opinion: The opinion references management's assertion and their responsibility for identifying risks that threaten achievement of the control objectives. The opinion does NOT include a statement on whether management had a reasonable basis for providing their assertion.

20 New Standards & Options
Service Org Control 1 (SOC 1): SSAE 16, Service auditor guidance. Restricted Use Report (Type I or II Report). Purpose: Reports on controls for F/S audits.
Service Org Control 2 (SOC 2): AT 101. Generally Restricted Use Report (Type I or II Report). Purpose: Reports on controls related to compliance or operations.
Service Org Control 3 (SOC 3): AT 101. General Use Report (w/ public seal). Purpose: Reports on controls related to compliance or operations.
Trust Services Principles & Criteria.

21 Security: IT security policy; Physical access; Incident management; Personnel security; Security awareness and communication; Risk assessment; Logical access; Environmental controls; Security monitoring; User authentication; Asset classification and management; Systems development and maintenance; Configuration management; Change management; Monitoring and compliance.
Availability: Availability policy; Backup and restoration; Disaster recovery; Business continuity management.
Confidentiality: Confidentiality policy; Confidentiality of inputs; Confidentiality of data processing; Confidentiality of outputs; Information disclosures (including third parties); Confidentiality of Information in systems development.
Processing Integrity: System processing integrity policies; Completeness, accuracy, timeliness, and authorization of inputs, system processing, and outputs; Information tracing from source to disposition.
Privacy: Management; Notice; Choice and consent; Collection; Use and retention; Access; Disclosure to third parties; Quality; Monitoring and enforcement.

22 SOC 2 has a similar structure and general approach to SAS 70 / SOC 1. A SOC 2 report does not need to cover processing related to financial reporting, nor is it intended to support financial reporting for your users. SOC 2 can be supplied to a wider audience. Intended users are management of the service organization, user entities, and other specified parties. Specified parties can be anyone who understands the nature of the services being provided by the service organization, how the service organization operates, and internal controls. Most practitioners who have looked at SOC 2 feel it will provide more detail throughout the report (narrative section, control activities, tests, etc.) than the existing reports. SOC 3 allows for unlimited distribution. Public Seal and Certification. However, a SOC 3 does not include the testing detail or description of the controls.

23 Comparison: SOC 1 Report / SOC 2 Report / SOC 3 Report
Professional standard used: SSAE 16 / AT 101 / AT 101
Used by auditors to plan and perform financial audits: Yes / No / No
Used by user entities to gain confidence and place trust in service organization systems: No / Yes / Yes
Obtain details of the processing performed and related controls, the tests performed by the service auditor and results of those tests: Yes / Yes / No
Report generally available - can be freely distributed or posted on a website as a SysTrust for Service Organizations seal: No / No / Yes

24 Example: Outsourced Services
Provider of Cloud Computing Services: Not significant from a financial reporting standpoint; therefore, SOC 1 may not be the right option.
Call Center Services: User Organizations may be concerned about handling of end-customer information and a SOC 2 report may demonstrate that there are controls encompassing the security, confidentiality, and privacy of information.
Medical Claims Processing Service Provider: A SOC 2 report focused on processing integrity (completeness, accuracy, timeliness, etc.) could provide customers with comfort regarding the controls over transactions in claims processing. This may be prepared in addition to a SOC 1 report leveraging existing controls and testing.

25 Jennifer Gerasimov, MPH, CISA, Senior Manager, Deloitte. Jeffrey Ziplow, MBA, CISA, CGEIT, Partner, BlumShapiro.


More information

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse

More information

Captive outsourcing models

Captive outsourcing models Captive utsurcing mdels India TP hygiene wrkshp Presenter: Vishnu Bagri Octber 23, 2013 2013 Transfer Pricing Assciates Hlding B.V. BACKDROP + India has evlved as a premier utsurcing hub fr IT, ITES, engineering

More information

Revised October 27, 2011 Page 1 of 6

Revised October 27, 2011 Page 1 of 6 Keystne STARS Accreditatin Applicatin Philsphy The Keystne STARS prgram is Pennsylvania s QRIS which began in 2002. There are fur quality levels frm STAR 1 t STAR 4, each level building n the prir levels;

More information

Oracle Cloud Enterprise Hosting and Delivery Policies

Oracle Cloud Enterprise Hosting and Delivery Policies Oracle Clud Enterprise Hsting and Delivery Plicies Statement f Changes Versin 1.5, 6/01/2015 This dcument utlines changes made t the Oracle Clud Enterprise Hsting and Delivery Plicies dated December 1,

More information

Creating an Ethical Culture and Protecting Your Bottom Line:

Creating an Ethical Culture and Protecting Your Bottom Line: Creating an Ethical Culture and Prtecting Yur Bttm Line: Best Practices fr Crprate Cdes f Cnduct Nte: The infrmatin belw and all infrmatin n this website is nt meant t be taken as legal advice. Please

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

Vendor Management. Federal Deposit Insurance Corporation Division of Risk Management Supervision Atlanta Regional Office.

Vendor Management. Federal Deposit Insurance Corporation Division of Risk Management Supervision Atlanta Regional Office. Vendr Management Federal Depsit Insurance Crpratin Divisin f Risk Management Supervisin Atlanta Reginal Office June 18, 2014 1 Agenda Intrductin Vendr Management Overview Regulatry Expectatins Bard and

More information

The Ohio Board of Regents Credit When It s Due process identifies students who

The Ohio Board of Regents Credit When It s Due process identifies students who Credit When It s Due/ Reverse Transfer FAQ fr students Ohi is participating in a natinal grant initiative, Credit When It s Due, designed t implement reverse-transfer, which is a prcess t award assciate

More information

Issue Brief. SBC Distribution Rules for Employer Sponsored Health Plans October 2012. Summary. Which Plans Are Required to Provide the SBC?

Issue Brief. SBC Distribution Rules for Employer Sponsored Health Plans October 2012. Summary. Which Plans Are Required to Provide the SBC? Issue Brief SBC Distributin Rules fr Emplyer Spnsred Health Plans Octber 2012 Summary The Affrdable Care Act (ACA) expands ERISA's disclsure requirements by requiring that a summary f benefits and cverage

More information

Gravesham Borough Council

Gravesham Borough Council Classificatin: Part 1 Public Key Decisin: Please specify - N Gravesham Brugh Cuncil Reprt t: Perfrmance and Administratin Cmmittee Date: 12 Nvember 2015 Reprting fficer: Subject: Crprate Perfrmance Manager

More information

expertise hp services valupack consulting description security review service for Linux

expertise hp services valupack consulting description security review service for Linux expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS

More information

.100 POLICY STATEMENT

.100 POLICY STATEMENT Treasury Management Operatins Sectin: Treasury Management Number: 105.100 Title: Treasury Management Operatins POLICY Index.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE

More information

STANDARDISATION IN E-ARCHIVING

STANDARDISATION IN E-ARCHIVING STANDARDISATION IN E-ARCHIVING R E Q U I R E M E N T S A N D C O N T R O L S F O R D I G I T I S AT I O N A N D E - A R C H I V I N G S E R V I C E P R O V I D E R S Alain Wahl 1 Requirements and cntrls

More information

ENTERPRISE RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY Plicy N. 10014 Review Date Octber 1, 2014 Effective Date March 1, 2014 Crss- Respnsibility Vice President, Reference Administratin Apprver Executive Cuncil 1. 1. Plicy

More information

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014 State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy. Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive

More information

April 2011. In addition, we encounter valuation practices that present concerns in certain contexts, including:

April 2011. In addition, we encounter valuation practices that present concerns in certain contexts, including: April 2011 We wanted t take the pprtunity prvided by the AICPA s recent release f the expsure draft Practice Aid t share with ur clients and friends sme bservatins and best practice suggestins n this tpic.

More information

Process of Setting up a New Merchant Account

Process of Setting up a New Merchant Account Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am

More information

Chris Chiron, Interim Senior Director, Employee & Management Relations Jessica Moore, Senior Director, Classification & Compensation

Chris Chiron, Interim Senior Director, Employee & Management Relations Jessica Moore, Senior Director, Classification & Compensation TO: FROM: HR Officers & Human Resurces Representatives Chris Chirn, Interim Senir Directr, Emplyee & Management Relatins Jessica Mre, Senir Directr, Classificatin & Cmpensatin DATE: May 26, 2015 RE: Annual

More information

Using PayPal Website Payments Pro UK with ProductCart

Using PayPal Website Payments Pro UK with ProductCart Using PayPal Website Payments Pr UK with PrductCart Overview... 2 Abut PayPal Website Payments Pr & Express Checkut... 2 What is Website Payments Pr?... 2 Website Payments Pr and Website Payments Standard...

More information

Merchant Processes and Procedures

Merchant Processes and Procedures Merchant Prcesses and Prcedures Table f Cntents EXHIBIT C 1. MERCHANT INTRODUCTION TO T-CHEK 3 1.1 Wh is T-Chek Systems? 3 1.2 Hw t Cntact T-Chek Systems 3 1.3 Hw t Recgnize T-Chek Frms f Payment 3 1.3.1

More information

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released

Version Date Comments / Changes 1.0 January 2015 Initial Policy Released Page 1 f 6 Vice President, Infrmatics and Transfrmatin Supprt APPROVED (S) REVISED / REVIEWED SUMMARY Versin Date Cmments / Changes 1.0 Initial Plicy Released INTENT / PURPOSE The Infrmatin and Data Gvernance

More information

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016

MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins

More information

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus

More information

Business Plan Overview

Business Plan Overview Business Plan Overview Organizatin and Cntent Summary A business plan is a descriptin f yur business, including yur prduct yur market, yur peple and yur financing needs. Yu shuld cnsider that a well prepared

More information

Symantec User Authentication Service Level Agreement

Symantec User Authentication Service Level Agreement Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

Practical Ways to Improve the Exercise and Documentation of Professional Skepticism in an ISA Audit. May 2013

Practical Ways to Improve the Exercise and Documentation of Professional Skepticism in an ISA Audit. May 2013 Practical Ways t Imprve the Exercise and Dcumentatin f Prfessinal Skepticism in an ISA Audit May 2013 This paper was prepared by Auditing and Assurance staff at the Chartered Prfessinal Accuntants f Canada

More information

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This

More information

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries Revisin 1.5 August 4, 2015 A96 CALA Plicy n the use f Cmputers in Accredited Labratries TABLE OF CONTENTS TABLE OF CONTENTS... 1 CALA POLICY

More information

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.

HIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc. HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

Texas Woman's University University Policy Manual

Texas Woman's University University Policy Manual Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

In-House Counsel Day Priorities for 2012. Cloud Computing the benefits, potential risks and security for the future

In-House Counsel Day Priorities for 2012. Cloud Computing the benefits, potential risks and security for the future In-Huse Cunsel Day Pririties fr 2012 Clud Cmputing the benefits, ptential risks and security fr the future Presented by David Richardsn Thursday 1 March 2012 WIN: What in-huse lawyers need Knwledge, supprt

More information

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028

More information