Type II reports are similar to Type I; however, an additional section is added. Type II reports are more complete, because the auditor gives an opinion on how effectively the controls operated during the defined period of the review. Type I only lists the controls, but Type II tests the efficacy of these controls to provide reasonable assurance that they are working correctly.
ITIL
ITIL is published in a series of books, each of which covers a wide range of IT management topics. ITIL gives a detailed description of the best practices of a number of important IT processes with comprehensive checklists, tasks and procedures that can be tailored to any IT organization.
ITIL is in its third revision now after its initial development in the late 1980s. ITIL v3, published in May 2007, comprises five key volumes: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement.
While ITIL covers a wide range of topics on IT service management, the most widely used portion of the library is the service management set. The service management set covers topics such as service desk operation, incident management, software asset management, change management and service level management. All of these are important areas that, if implemented properly, can provide a much more stable and secure technology environment.
Any service vendor that is committed to providing ITIL training and process development is more likely to be focused on providing a superior level of service to you and your organization.
PCI DSS
PCI applies to organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. If any customer of your company ever pays you directly using a credit card or debit card, then the PCI DSS requirements apply.
Finding a service partner that fits your organization’s needs is challenging. Talking to their current clients will give you a sense of how well the vendor works with others and how they might fit your organization. When you talk to the management staff, see if they are eager to understand your business so they can provide services that your business needs to grow and prosper.
Mike Scheuerman is an independent consultant with more than 26 years of experience in strategic business planning and implementation. His experience from the computer room to the boardroom provides a broad-spectrum view of how technology can be integrated with and contribute significantly to business strategy. Mike can be reached at [email protected].