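The WebTrust service program is: a set of e-commerce standards that incorporates the major practices and requirements in use worldwide; an independent verification of whether a website meets those standards; and, for an online business that obtains the internationally recognised WebTrust seal, a statement that the business meets strict standards. When an online site holds the WebTrust seal, it means the company has passed a WebTrust examination carried out by a licensed certified public accountant, a chartered accountant, or a person with equivalent professional qualifications. Under the WebTrust program, online companies must undergo periodic examinations by WebTrust-licensed certified public accountants to ensure that they comply with the current WebTrust principles, which include: online privacy; information security; business practices and transaction integrity; availability; and WebTrust for certification authorities.

E-commerce, as a revolutionary departure from the traditional business model, is currently a hot topic among listed companies and in the securities market. At this stage, however, the worldwide spread of e-commerce has also run into obvious bottlenecks, the most prominent being the security of online transactions. Johnson, a partner at Deloitte and chairman of its global enterprise risk services division, recently made a special trip to Shanghai to promote a certification that is gaining ground abroad, known as CPA-Webtrust, which is intended to advance the development of e-commerce. In an exclusive interview with this newspaper, he said that CPA-Webtrust will give people who transact online a sense of security.

Mr. Johnson explained that the Internet is growing very quickly worldwide, yet only about 20-25% of Internet users have ever carried out any type of transaction online. The main reasons online transactions are not yet accepted by most people are that transactors are unfamiliar with the counterparty, have concerns about the security of the transaction, and worry that their personal private data will be disclosed or exploited. Accordingly, surveys show that about 70-85% of online transactors are unwilling to disclose their personal details and credit card numbers. Among these people, when those who do not transact online were asked whether they would do so if the website had CPA-Webtrust certification, 50% answered that they would. In this world of e-commerce where the parties never meet, participants therefore have a particular need for assurance from an independent third party so that they can feel secure when transacting online, and that sense of security is exactly what CPA-Webtrust certification provides.

Like ISO 9000 certification, CPA-Webtrust certification is an international standardised certification. It was jointly founded by the American and Canadian institutes of certified public accountants; the United Kingdom, France, Australia, the Netherlands, New Zealand and other countries have also been authorised by the American and Canadian institutes to perform this certification, and Hong Kong is applying for authorisation. CPA-Webtrust certification mainly covers three aspects: first, disclosure of the transaction process; second, whether the site operator itself has adequate internal control procedures; third, the security of transactions. Put simply, what CPA-Webtrust certification sets out to confirm is whether the operator of an e-commerce website has, under the relevant standards, said everything it ought to say and done everything it has said. What the certification provides is fairness and a sense of security.

Mr. Johnson also described to the reporter how CPA-Webtrust certification is progressing. He said that internationally, CPA-Webtrust certification only got started in early 1998. By the end of last year, 20-25 websites in 4 countries had obtained the certification. It is expected that around 100 websites may pass certification this year, and 500 next year. Certified websites may display the relevant licensed seal on their sites. People who transact online will have greater assurance of security when they use such sites for e-commerce. From then on, certified websites must be examined every 3 months to confirm whether they may continue to use the licensed seal.

Mr. Johnson, who also chairs the e-commerce assurance committee of the American and Canadian institutes of certified public accountants, told the reporter that all of the world's five largest accounting firms are now able to perform CPA-Webtrust certification, and that Deloitte was one of the first firms qualified to certify and currently has the largest certification practice. He said that Deloitte is now actively preparing to promote CPA-Webtrust certification in China.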


http://www.webtrust.org/overview.htm

OVERVIEW OF TRUST SERVICES, WEBTRUST AND SYSTRUST

Trust Services are defined as: A set of professional assurance and advisory services based on a common framework (i.e., a core set of principles and criteria) to address the risks and opportunities of IT.

In the development of Trust Services, the objective was to establish a core set of principles and related criteria for key areas related to IT, e-commerce, e-business, and systems. These form the measurement basis for the delivery of the related service(s).

The Trust Services principles and criteria are organized into four broad areas:

- Policies: The entity has defined and documented its policies [1] relevant to the particular principle.
- Communications: The entity has communicated its defined policies to authorized users.
- Procedures: The entity uses procedures to achieve its objectives in accordance with its defined policies.
- Monitoring: The entity monitors the system and takes action to maintain compliance with its defined policies.

The following principles and criteria have been developed by the AICPA/CICA for use by practitioners in the performance of Trust Services engagements, including SysTrust and WebTrust:

- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, accurate, timely, and authorized.
- Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the AICPA/CICA Trust Services Privacy Criteria.
- Confidentiality: Information designated as confidential is protected as committed or agreed.

Trust Services helps differentiate entities from their competitors by demonstrating to stakeholders that the entities are attuned to the risks posed by their environment and equipped with the controls that address those risks. Therefore, the potential beneficiaries of Trust Services assurance reports are consumers, business partners, creditors, bankers and other creditors, regulators, outsourcers and those using outsourced services, and any other stakeholders who in some way rely on electronic commerce (e-commerce) and IT systems.

Tremendous amounts of information are now readily available. This information has evolved into much more than just basic recordkeeping data. Information and the systems that produce it have become critical components in an entity’s day-to-day operations, the production of products or services, customer and partner relations, and so on. Given this dependence, corporate management and their boards of directors, among others, are concerned about whether the systems on which they rely provide timely, reliable information.

Despite the importance of IT in business today, lack of reliability remains problematic. Many information systems today are technically complex, with large databases that are breeding grounds for errors and other compromises to data and data-related functions. In addition, as a result of the great speed of operations of many of today’s systems, errors can travel very far “downstream” before being noticed. Because many systems are interconnected, errors in one system often have a domino effect on other systems as well—even beyond the entity’s boundaries, where the errors reach suppliers, customers, business associates, and investors. Thus, even the best-designed information systems on which many stakeholders now rely may be fallible.

Additional Security and Other Risks

Security and privacy concerns have become more prominent:

- Security breaches have become more frequent and are more often reported. For instance, denial of service attacks affect many prominent e-commerce sites.
- E-mail viruses and worms have taken advantage of system weaknesses to cause significant disruptions to businesses.
- Consumer attitudes toward privacy have shifted. Consumers’ concerns over privacy are taking a massive toll by preventing Internet commerce from reaching its full potential.
- Entities have found themselves unprepared for the failures of systems of all types.
- Sanctions have been levied against entities that have failed to properly respect privacy standards.

Need for Trust

A variety of factors have combined to make trust an issue. Factors such as globalization, the anonymity of e-commerce, and an increasing reliance on complex and powerful IT systems have caused concerns among business customers and partners, leading to a decline in trust. These issues are addressed with the services provided by practitioners using the Trust Services framework.

WebTrust

The WebTrust service is actually comprised of a “family” of assurance services designed for e-commerce-based systems and, upon attainment of an unqualified assurance report, would entitle the entity to display a WebTrust Seal and accompanying practitioner’s report on its Web site. The WebTrust family of branded assurance services includes the following, applied in the context of an e-commerce system:

- WebTrust Online Privacy. The scope of the assurance engagement includes the relevant online Privacy principle and criteria.
- WebTrust Consumer Protection. The scope of the assurance engagement includes both the Processing Integrity and relevant online Privacy Principles and Criteria.
- WebTrust. The scope of the assurance engagement includes one or more combinations of the Principles and Criteria not anticipated above.
- WebTrust for Certification Authorities. The scope of the assurance engagement includes the Principles and related Criteria unique to certification authorities (see Chapter 6).

SysTrust

The SysTrust service is also comprised of a "family" of assurance services designed for a wide variety of IT-based systems as may be defined by the entity and, upon attainment of an unqualified assurance report, would entitle the entity to display a SysTrust Seal and accompanying auditor's report. The SysTrust family of branded assurance services includes the following, applied in the context of an entity's defined system:

- SysTrust-Systems Reliability. The scope of the assurance engagement includes the Security, Availability, and Processing Integrity Principles and Criteria.
- SysTrust. The scope of the assurance engagement includes one or more combinations of the Principles and Criteria not anticipated above.

An important aspect of both the SysTrust and WebTrust brands is that they are designed to be sufficiently flexible to meet the needs of those entities wanting to be examined. Both brands were initially developed with the idea that they would result in attest (audit) level assurance. In practice, however, the Trust Services Principles and Criteria can be used as a basis for providing both advisory and assurance services.

[1] The term policies refers to written statements that communicate management's intent, objectives, requirements, responsibilities, and/or standards for a particular subject. Such communications may be explicitly designated as policies while others may be implicit (such as communications with users not otherwise documented as policies, written procedures, etc.). Policies may take many forms but should be in writing.

