Compliance

A-LIGN’s Commitment to Quality

Commit-to-quality

What does it mean to be committed to quality? Through our quality assurance process and team, and accreditations, A-LIGN ensures that your organization receives a quality report that meets the guidelines set by the relevant audit standard. Our reports satisfy third-party inquiries and exceeds customer expectations by upholding the highest standard of work. Our dedication […]

Read More

SOC Reports: Type 1 vs Type 2 vs Readiness Assessment

Type-1-vs-Type-2-vs-Readiness-Assessment

Your client requested a SOC report, but what’s next? For organizations seeking a SOC 1, SOC 2, or ISAE 3402, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation.

Read More

Understanding Microsoft SSPA Attestation

Microsoft-sspa

About Microsoft SSPA Attestation The Microsoft Supplier Security and Privacy Assurance Program (SSPA), formerly known as the Vendor Privacy Assurance Program, is an initiative designed to standardize and strengthen how Microsoft’s customer, partner, and employee information is handled by Microsoft vendors worldwide. 

Read More

FFIEC Cybersecurity Assessment Tool: Frequently Asked Questions

FFIEC-image

What is the FFIEC Cybersecurity Assessment Tool? In response to the current cybersecurity landscape, the Federal Financial Institutions Examination Council (FFIEC) has developed the Cybersecurity Assessment Tool (Assessment).

Read More

Updates to the AICPA’s SOC 2 Framework

SOC 2-Aicpa

The American Institute of Certified Public Accountants (AICPA) recognizes the growing demand for transparency and strengthened controls within multifaceted risk environments. The SOC 2 framework continues to improve the security measures that should be implemented to protect organizations against emerging threats.

Read More

SECURETexas Certification – Is It Right for Your Organization?

SecureTexas

SECURETexas was created per Texas House Bill 300 in 2011 to help covered entities in Texas demonstrate that they have met privacy and security standards to reduce regulatory penalties, mitigate risk, and increase business partner and consumer confidence in the protection of protected health information (PHI).

Read More

A-LIGN Completes SOC 2 Type 2 Audit for A-SCEND

SOC 2-keyboard

A-LIGN, a global cybersecurity, cyber risk and privacy, and compliance firm has announced the successful completion of the Service Organization Control (SOC) 2 Type 2 audit for its GRC software, A-SCEND.

Read More

HITRUST CSFBASICs: A New Framework Designed for Smaller Healthcare Organizations

HITRUST-CSF-Basics

As the data breach landscape in the healthcare industry evolves, so do organizations and their compliance with regulatory requirements. Doing ‘nothing’ to protect healthcare data is no longer an acceptable approach for small healthcare entities.

Read More

PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers

Penetration-test-PCI

In April 2016, the Payment Card Industry Security Standards Council (PCI SSC) released PCI Data Security Standard (PCI DSS) version 3.2.  With the updates came clarification to requirements, additional guidance, and the additional seven new requirements.

Read More

HITRUST Appoints Steve Simmons and Blaise Wabo to the HITRUST CSF Assessor Council

HITRUST-appoints-Steve-and-Blaise

The HITRUST Alliance has appointed Steve Simmons, Director of Compliance at A-LIGN, and Blaise Wabo, Senior Manager at A-LIGN, to the HITRUST CSF Assessor Council.

Read More