Infographic: Financial Services Regulatory Compliance

Brian Wood Blog

“Around 45 percent of financial services firms say they have been hit by a distributed denial of service attack over the past year.” Summary article by Fred Donovan in FierceITSecurity. Emphasis in red added by me. Brian Wood. Infographic: US banks struggle with regulatory compliance and risk. U.S. banks and credit unions are struggling to comply with stringent regulations …

Are Your Vendors Compliant?

Brian Wood Blog

How to Assess & Manage Conduct When Outsourcing. Risk management is a must for any business, even those that work with third-party vendors. Vendors are used by many businesses, including those in regulated industries such as medical and financial. With so many companies outsourcing, it’s sometimes hard to tell who is not operating in compliance with laws and regulations. What …

AIS Updates SSAE 16, ISAE 3402 Compliance Audits for 3rd Year

Brian Wood Blog, Press Releases

Third-party audits by Moss Adams confirm AIS Data Centers’ commitment to high standards for security and availability. SAN DIEGO (September 9, 2014) – AIS Data Centers, the Southwest’s market leader for business-ready IT infrastructure, announced successful completion of the third consecutive update of third-party SSAE 16 and ISAE 3402 SOC 1, 2, and 3 Type 2 audits for each of …

Compliance Officers Not Involved in Cyber Security?

Brian Wood Blog

One danger of specialization is silo-ization and gaps. “Sorry, that’s not my area of responsibility; I do X. Hopefully Bob in IT has it covered.” Yeah, let’s hope. Or better yet, let’s have a single-subject meeting with all the relevant players to outline explicitly who is responsible for what. Article posted on Help Net Security. Emphasis in red added by …

SAS 70 vs. SSAE 16: What’s the Difference?

Brian Wood Blog

For years SAS 70 was touted on a number of websites for businesses offering data center services. It was the equivalent of the “Good Housekeeping” stamp of approval since its inception as a cornerstone audit in 1992. SAS 70 was retired in 2011 and in its place is SSAE 16. AIS first achieved compliance for the SSAE 16 SOC 1 as …

Data Center Change Management Considerations

Brian Wood Blog

A recent story in The Wall Street Journal about the ripple effect of technology glitches at U.S. airlines — inconveniencing thousands of travelers, spawning long airport lines, delaying or canceling flights — got me thinking. More often than not, the root cause has been said to be some sort of maintenance or software update that goes awry. This got me further thinking: …

Compliance Audits: Do They Matter? YES!

Brian Wood Blog

If you knew the FDIC did not insure your bank, would you still put your nest egg there for safekeeping? If you knew your auto’s air bag was turned off, would you continue to drive on the freeway? And lastly, if you knew your cloud service provider or hosting provider had not been through a compliance audit, would you be …

A+ AIS Phoenix BBB Rating – Yup, Still True!

Brian Wood Blog

Things to think about when evaluating data centers in Phoenix: What type of company do you want to do business with? Do you believe everything that someone tells you, or do you get it in writing and verify the facts? Are you willing to bet your reputation and career on salesperson FUD (fear, uncertainty, doubt) or do you check with …

A+ AIS San Diego BBB Rating – Verified (Again!)

Brian Wood Blog

Things to think about when evaluating data centers in San Diego: What type of company do you want to do business with? Do you believe everything that someone tells you, or do you get it in writing and verify the facts? Are you willing to bet your reputation and career on salesperson FUD (fear, uncertainty, doubt) or do you check …

Moss Adams Article on Heartbleed

Brian Wood Blog

The article below was published by Moss Adams. Protecting Yourself and Your Organization from Heartbleed, by Francis Tam, Partner, and Kevin Villanueva, Senior Manager, IT Auditing & Consulting Practice. The Heartbleed bug is a vulnerability found in the OpenSSL cryptographic software library that could allow the theft of normally encrypted information, such as user names and passwords. OpenSSL is an …