Each certification underscores a strong VeriSign commitment to making security a central focus of its development efforts and protecting the safety and integrity of customer data. Visa CISP is a set of 12 industry-wide requirements designed to protect sensitive information from being compromised. As part of the certification process, VeriSign employed an independent, Visa-qualified, auditor to perform a thorough inspection of the VeriSign payment processing environment. This process included an intensive review of the procedures VeriSign uses to classify, access, and store sensitive information. In addition, VeriSign performed and in-depth analysis of network and system architecture, a complete assessment of IT policies and procedures, and an on-site inspection of physical data-center facilities. Complying with MasterCard SDP involved a two-step process. VeriSign completed a self-evaluation of its security procedures, with a detailed analysis of its Web infrastructure, to showcase VeriSigns compliance with MasterCard standards. MasterCard then performed compliance testing, scanning VeriSign Payment Services solutions in a controlled environment to ascertain their viability. The SAS70 compliance process involves a formal, in-depth report by a third party auditor that analyzes the design, implementation, and operational effectiveness of the controls that reside within a service organization. The SAS70 audit report allows service organizations to disclose their control activities and processes to customers, thus demonstrating adequate controls and safeguards are in place. The addition of Section 404 of the Sarbanes-Oxley Act make SAS70 audit reports even more important to the process of reporting effective internal controls.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.