TOPICS >> PCAOB | Encryption | GRC | PCI DSS | Internal Audits | Data Loss Prevention | Sarbanes-Oxley
Time for a renewed focus on outsourcing compliance programs?
Some experts have discerned that regulators are taking a closer look at outsourcing arrangements these days. For many companies, the answer seems to be SAS70 II (a standard developed by the AICPA) assurances from the service provider. But a commentary on Silicon.com suggests that all companies subject to Sarbanes-Oxley in the U.S. and abroad should not assume that compliance ends if a service provider has the right certifications. This is true even if you have a captive service arrangement, on shore or off. "For these operations, there is often no service level agreement, no detailed contract, no lawyers involved and no internal audit activity." It might be a good time to review your liability here. It could be a little uncomfortable but you need to dialogue with providers about how their compliance efforts at all levels.
For more:
- here's a commentary from Silicon.com
Related Articles:
More jargon: What is a SAS Type II exam?
Software-as-a-Service and Sarbox: Good match?
SHARE WITH:
Comments
Post new comment
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2010 FierceMarkets. All rights reserved. |
 |