The trend towards outsourcing of services, infrastructure, and applications is increasing the requirement for service providers to be able to provide "third party assurance/attestation" (proof) to their security posture.
- Organizations providing services need to be able to demonstrate competence in order to be trusted.
- Organizations utilizing services need assurances that the organization that is handling their sensitive data is treating it in a manner consistent with their requirements and/or relevant laws and regulations.
Assurance (attestation) activities may be as simple as a Penetration Test or as complex and costly as a SAS-70 Type II Service Auditors Report. Selecting the best approach to demonstrate "trustworthiness" is critical to both the service provider and services consumer.
If we can be of assistance in selecting the optimum approach, feel free to call us at 888-PivotPoint and ask to speak with our Practice Area Manager or send us an email.