


Comment There are two types of SSAE16 audits (Score 1) 84

In a Type 1 audit, all the auditors look for is whether the company has policies/procedures/controls in effect to obtain the objectives of the company (whatever those may be).

In a Type 2 audit, the auditors will attempt to determine whether the policies and procedures in place are being followed. Whether the controls are effective in achieving the objectives that have been stated.

I work for a software company that recently went through a Type 2 audit. In our case most of what was looked at was our SDLC (software development life cycle) process, version control, etc. They went through our work ticket system & spent a week following more than a few tickets through the entire process: code check out, work produced, QA testing, user testing, peer review, code check in. They spent several weeks over a three-month period driving our internal audit & software staff nuts.

Does it mean anything? From our point of view, yes. But the audit depends not only on the quality of the auditors, but also on the quality & detail of those process & procedure documents that they are auditing.
