-
SOC Report Selection & Evaluation Aids
With the SAS 70 phasing out on 6/15, financial institutions have a dual challenge; determining the best report to request, and evaluating the report they are provided. To assist with this challenge, I’ve created two documents. The first, or Step 1, is a SOC Selection Flowchart, which is available here. This will assist in determining…
-
Top 5 Compliance Trends for 2011 – Part 3
What do Social Media, Cloud Computing, Virtualization, Data Vaulting, Mobile Banking, and Core Services have in common? For most community financial institutions, all these products or technologies involve outsourcing, either wholly or in part. When it comes to offering the latest products and services, outsourcing allows even the smallest institution to compete with the largest. …
-
SSAE 16 replaces SAS 70 (…sort of) – UPDATE 2
In my last post I indicated that the AICPA would have additional guidance on this topic this fall. It appears that we may now have to wait until early 2011. According to this document from the AICPA, “The existing (AICPA Audit) guide is being overhauled and rewritten to reflect the requirements and guidance in SSAE…
-
Ask the Guru: Do We Need to Perform a review on a New Vendor in a Foreign Country?
Hey Guru! Our institution works with a third-party that has recently engaged with a company in a foreign county to begin assisting them in taking care of our institution’s IT matters. Do we need to perform a review on this new foreign third-party? When evaluating this situation, the first step is to understand the parties…