The Schellman Blog
Stay up to date with the latest compliance news from the Schellman blog.
I had the privilege of attending a one-day Leadership simulcast recently, and the theme was “Powered by Purpose.” It made me think: what is purpose? We hear the word often, but have we stopped to think about it? When I think of purpose, it is what defines us, drives us, and empowers us.
Generational differences speak loudly in today’s workplace as one of the main reasons for conflict at work.
Originally published at: itspmagazine.com
What keeps security professionals up at night isn’t the idea of outsider threats attacking their companies—it’s their employees. Nearly 61 percent of security leaders surveyed said their biggest issue is worrying about negligent or malicious employees, who they claim are responsible for over half of their organization’s data breaches or security incidents.
Do you find yourself having to ask a retailer whether to swipe or insert your card at the terminal these days? It has been more than a year since the Visa-designated deadline of October 1, 2015, and EMV status in the United States is still largely in limbo, affecting consumers and businesses alike. Since this deadline passed, the liability for fraudulent transactions has shifted to the party responsible for not supporting chip cards. For example, if the retailer where the fraud occurs doesn’t have a chip-based terminal, the retailer would be responsible. However, if the credit card issuer doesn’t provide a chip-based card to the customer, the credit card issuer would be liable.
Here are five steps to help successfully prepare:
1. Validate the Nature of the Request. Does your client base understand the various SOC reporting options and what they are asking of your organization from a compliance reporting perspective? Is there a connection to internal controls over financial reporting (ICFR) of the services that you provide to your clients, or are you looking at general controls of a system that are relevant to security, availability, processing integrity, confidentiality, and/or privacy? SOC 1 is often misused by the general public as a generic reference to third-party examinations. There is a misconception in the marketplace; help prevent it.
I am often asked who is responsible for determining and selecting which principle(s) will be included in the scope of the SOC 2 examination, but the answer may not always be what service organizations want to hear.
As busy season approaches for many auditors, along with some personal travel during the holidays, our Chief Financial Officer, PJ Sheil, provided tips for using your credit card overseas.