The Pragmatic Auditor's Blog

The Pragmatic Auditor Blog is about audits, assessments, compliance, and certification in the real world of information technology and services.

The Pragmatic Auditor firmly believes that:

• No one likes audits… even the IT and security audits that sound sexier than financial statements
• The vast majority of audits are not optional to the client
• Companies are over-audited due to a standards and regulations that appear “just different enough”
• There is optimization and efficiencies to be gained when aligning audit and compliance requirements with a companies core set of controls
• A refined methodology and experienced auditors can make the overall process less painful for the client
• Last but not least, there are providers out there that have invested in their security and controls and we think they should market that!

About BrightLine (www.BrightLine.com)

The blog is the official blog of BrightLine CPAs & Associates, Inc. (“BrightLine”).  BrightLine (formerly known as SAS 70 Solutions) was the first CPA firm established specifically to provide audit services in accordance with Statement on Auditing Standards No. 70 (SAS 70). The company now offers a comprehensive suite of attestation and compliance services that include SSAE 16 examinations (SOC 1), Reports on Security, Availability, Processing Integrity, Confidentiality, and Privacy (SOC 2), PCI DSS validations, ISO 27001 certification, compliance assessment, and other attestation services.

BrightLine is a licensed Certified Public Accounting firm and is registered with the Public Company Accounting Oversight Board. BrightLine is also one of the only CPA firms in the United States that is accredited as a Qualified Security Assessor (QSA) company by the PCI Security Standards Council and the only firm in the world that is also an ISO 27001 certification body.