Independent Accountant s Report

Similar documents
REPORT OF THE INDEPENDENT ACCOUNTANT

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS

Independent Accountant s Report

Independent Accountant s Report

To the management of Entrust Datacard Limited (formerly known as Entrust Limited, hereinafter Entrust ) and Trend Micro, Inc.

To the management of Entrust Datacard Limited (formerly known as Entrust Limited, hereinafter Entrust ) and Trend Micro, Inc.

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS

Independent Accountant s Report

Report of Independent Accountants

Report of Independent Accountants

Management Assertion Logius 2013

שרוני - שפלר ושות' רואי חשבון

Independent Accountants Report. Utrecht, 28 January To the Management of GBO.Overheid:

Report of Independent Accountants

Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security

Period from October 1, 2013 to September 30, 2014

Independent Certified Public Accountant s Report

SOC 3 for Security and Availability

California ISO Audit Results for 2011 SSAE 16 & Looking Forward for 2012 December 15, 2011

SERVICE ORGANIZATION CONTROL 3 REPORT

C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers

SAS 70 SOC 1 SOC 2 SOC 3. Type 1 Type 2

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

( ' ' (6-6 (6/%& A ' (6 -& (6 - & & (& %& (6-6 (6 $&&&

Adopting SSAE 18 for SOC 1 reports

CSF to Support SOC 2 Repor(ng

ISACA Cincinnati Chapter March Meeting

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Wescom Solutions, Inc. Practitioner Engagement Android Version CFR EPCS Certification Report

Information for entity management. April 2018

Making trust evident Reporting on controls at Service Organizations

Audit Considerations Relating to an Entity Using a Service Organization

Introduction of the Identity Assurance Framework. Defining the framework and its goals

International Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017

Issue for Consideration: Appropriateness of the Drafting of Paragraph A17

Schedule Identity Services

Error! No text of specified style in document.

THE CARTER CENTER, INC. Supporting Psychosocial Health and Resilience in Liberia Project from the International Development Association (World Bank)

Audit Guidelines Super Audio CD Player Patent License Agreement

STATE OF NORTH CAROLINA OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA FAYETTEVILLE STATE UNIVERSITY

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

Assuring Identity. The Identity Assurance Framework CTST Conference, New Orleans, May-09

A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS

SOC Reporting / SSAE 18 Update July, 2017

Service Organization Control (SOC) Reports: What they are and what to do with them MARCH 21, 2017

Maryland Health Care Commission

International Standard on Auditing (UK) 505

SAS70 Type II Reports Use and Interpretation for SOX

DOCUMENTS REQUIRED ALONG WITH APPLICATION FORM FOR INDIVIDUALS

EXPOSURE DRAFT. Based on: CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.1.

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

ISA 540 (Revised): Update. May 2018 ASB meeting Dan Montgomery May 17, 2018

The Value of ANSI Accreditation. Top 10 Advantages. of accredited third-party conformity assessment

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Ethics and Professional Conduct for Colorado CPAs CR&R. Course #4000N Exam Packet

INTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS CONTENTS

CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance

SOC for cybersecurity

National Vocational Qualifications Delivered Overseas policy

Learning Objectives. External confirmations procedures as per SA330 and SA 500 requirements

Telia CA response to Public WebTrust Audit observations 2018

Self-Assessment Questionnaire A

Case 1:99-mc Document 298 Filed 04/13/12 Page 1 of 7 PageID #: IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF DELAWARE

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Re: Exposure Draft Proposed ISAE 3402 on Assurance Reports on Controls at a Third Party Service Organization

AND ASSURANCE AN INTEGRATED APPROACH SIXTEENTH EDITION GLOBAL EDITION

Ethics for Virginia CPAs

EXTERNAL CONFIRMATIONS SRI LANKA AUDITING STANDARD 505 EXTERNAL CONFIRMATIONS

Building the Archives of the Future: Self-Describing Records

NE HIMSS Vendor Risk. October 9, 2015 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS

Transitioning from SAS 70 to SSAE 16

ADVANCED AUDIT AND ASSURANCE

COMMON CRITERIA CERTIFICATION REPORT

FPKIPA CPWG Antecedent, In-Person Task Group

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

IT Security Evaluation and Certification Scheme Document

Within our recommendations for editorial changes, additions are noted in bold underline and deletions in strike-through.

Texas A&M University: Learning Management System General & Application Controls Review

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

PCI DSS Q & A to get you started

DISADVANTAGED BUSINESS ENTERPRISE PROGRAM. Unified Certification Program OKLAHOMA

Internet Corporation for Assigned Names and Numbers ( ICANN )

2018 Certified Paralegal Examination FAQs

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

SDL Privacy Policy Cloud Services

International Standard on Auditing (Ireland) 505 External Confirmations

SEMI 4845 NEW STANDARD:

DOCUMENTS REQUIRED ALONG WITH APPLICATION FORM FOR INDIVIDUALS

Certificate. Certificate number: Certified by EY CertifyPoint since: July 10, 2018

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.

Apple Inc. Certification Authority Certification Practice Statement

Certification Report

Workday s Robust Privacy Program

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

Level 5 Award in the Independent Auditing of External Quality Assurance. Qualification Specification

Emsi Privacy Shield Policy

SECURITY & PRIVACY DOCUMENTATION

Certification Report

Transcription:

Tel: 314-889-1100 Fax: 314-889-1101 www.bdo.com 101 South Hanley Road, Suite 800 St. Louis, MO 63105 Independent Accountant s Report To the Management of Visa U.S.A. Inc. ( Visa ): We have examined Visa management s assertion for its Certification Authority ( CA ) operations at Highlands Ranch, Colorado and Ashburn, Virginia throughout the period April 1, 2016 to March 31, 2017 for its root CA, referred to as Visa ECC Public Root, listed in Appendix A, Visa has: disclosed its business, key life cycle management, certificate life cycle management, and CA environment control practices in its: - Visa Public Key Infrastructure Certification Practice Statement, Version 3.1, Effective March 31, 2017; - Visa Public Key Infrastructure Certification Practice Statement, Version 3.0, Effective March 3, 2016; - Visa Public Key Infrastructure Certificate Policy, Version 3.1, Effective March 31, 2017; and - Visa Public Key Infrastructure Certificate Policy, Version 3.0, Effective March 3, 2016 maintained effective controls to provide reasonable assurance that: - Visa s Certification Practice Statement is consistent with its Certificate Policy; and - Visa provides its services in accordance with its Certificate Policy and Certification Practice Statement maintained effective controls to provide reasonable assurance that: - the integrity of keys and certificates it manages is established and protected throughout their lifecycles; - the integrity of subscriber keys and certificates it manages is established and protected throughout their lifecycles; - subscriber information is properly authenticated; and - subordinate CA certificate requests are accurate, authenticated, and approved maintained effective controls to provide reasonable assurance that: - logical and physical access to CA systems and data is restricted to authorized individuals; - the continuity of key and certificate management operations is maintained; and - CA systems development, maintenance, and operations are properly authorized and performed to maintain CA systems integrity based on the Trust Service Principles and Criteria for Certification Authorities version 2.0. Visa s management is responsible for its assertion. Our responsibility is to express an opinion on management s assertion based on our examination. BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.

The relative effectiveness and significance of specific controls at Visa and their effect on assessments of control risk for subscribers and relying parties are dependent on their interaction with the controls and other factors present at individual subscriber and relying party locations. Our examination did not extend to controls at individual subscriber and relying party locations and we have not evaluated the effectiveness of such controls. Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform the examination to obtain reasonable assurance about whether management s assertion is fairly stated, in all material respects. An examination involves performing procedures to obtain evidence about management s assertion. The nature, timing, and extent of the procedures selected depend on our judgment, including an assessment of the risks of material misstatement of management s assertion, whether due to fraud or error. We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our opinion. Because of the nature and inherent limitations of controls, Visa s ability to meet the aforementioned criteria may be affected. For example, controls may not prevent, or detect and correct, error, fraud, unauthorized access to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of any conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions. In our opinion management s assertion, as referred to above, is fairly stated, in all material respects. This report does not include any representation as to the quality of Visa s services other than its CA operations at Highlands Ranch, Colorado and Ashburn, Virginia, nor the suitability of any of any of Visa s services for any customer's intended purpose. Certified Public Accountants St. Louis, Missouri July 26, 2017 2

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback