Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: There are two types of SSAE16 audits (Score 1) 84

by fleetwood (#38768070) Attached to: Do Data Center Audits Mean Anything?

In a Type 1 audit, all the auditors look for is whether the company has policies/procedures/controls in effect to obtain the objectives of the company (whatever those may be)

In a Type 2 audit, the auditors will attempt to determine whether the policies and procedures in place are being followed. Whether the controls are effective in achieving the objectives that have been stated.

I work for a software company that recently went through a Type 2 audit. In our case most of what was looked at was our SDLC (software development life cycle) process, version control, etc. They went through our work ticket system & spent a week following more than a few tickets through the entire process: code check out, work produced, QA testing, user testing, peer review, code check in. They spent several weeks over a three month period driving our internal audit & software staff nuts.

Does it mean anything? From our point of view, yes. But, not only does the audit depend on the quality of the auditors, but on the quality & detail of those process & procedure documents that they are auditing.

The reason computer chips are so small is computers don't eat much.

Working...