SOC 2/AT-C 105 and 205

The Perfect Match: Benefits of Adding SOC for Cybersecurity to Your SOC 2 Audits

Security efforts continue to change as industries evolve introducing new procedures, processes, and tools. To mitigate these new challenges, governing bodies continue to release new standards and guides to help organizations validate specific controls. As the number of audit options increase, understanding the capabilities and functions are critical. It’s important…

Read More

SOC 2 vs SOC for Cybersecurity: 3 Main Differences

Organizations want to ensure that the personal assets of potential and existing clients are protected. To do so, organizations can validate their controls through a variety of assessments, but choosing the right one for your organization’s specific needs can be a difficult process. Through the new SOC for Cybersecurity examination,…

Read More

SOC 2 vs. ISO 27001: Which is the Right Assessment for Your Organization?

Companies continue to struggle with the decision between selecting the SOC 2 examination or ISO 27001 certification.  Often customer contracts require either audit or competitors have one or the other.  Although these security standards serve a similar purpose, there are some key decision factors that may help your organization determine the…

Read More

SOC 2: 2016 Updates and the Privacy Principle Integration

Overview of Privacy Principle and SOC 2 Updates In order to clarify and eliminate redundancy within the requirements of the trust services criteria for privacy, changes have been made to the SOC 2 privacy principle guidelines. While most of these changes are clarification-based, the addition of privacy to the common…

Read More

HITRUST Assessment Types & HITRUST Integration with SOC 2

Don’t make the climb to compliance more difficult than it has to be. With a comprehensive framework for organizations of any size, system or regulatory requirement, the HITRUST CSF allows for organizations to easily assess their current compliance while providing implementation requirements based on an organization’s risk…

Read More

Provide Peace of Mind to Lenders and Consumers with the A-LIGN Difference

The A-LIGN Difference = Peace of Mind + Trusted Advisor + Competitive Advantage Most lenders/stakeholders now ask title insurance and settlement companies to demonstrate compliance with ALTA’s Best Practices. There exists a lot of uncertainty and confusion in the industry as to how a title insurance and settlement company can…

Read More

A-LIGN’s ALTA Best Practices: Engagement Options Guide

American Land Title Association (ALTA) Best Practices: Engagement Options Most people in the industry are confused as to what to do as it comes to ALTA Best Practices assessments and are even more confused when they read so many articles in the press or hear different opinions from industry experts.

Read More

How SOC Audits Can Help Save on Errors & Omissions Insurance

As many companies look to reduce costs, one cost that continues to rise as the company grows is Errors and Omissions (E/O) insurance premiums. Both company liability and personal liability of the board of directors and owners is a topic that continues to be a focus of litigation. One of the ways a company can demonstrate they have sound controls over their control environment (which includes the tone at the top, board of directors’ participation, management oversight, etc) is to have a SOC audit conducted by a third-party auditing firm such as A-LIGN. 

Read More

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of sensitive data will inevitably lead a cloud service provider to need a specific audit performed by a third-party entity, such as A-LIGN, due to legal, regulatory and/or contractual obligations.  It is important for cloud service providers to understand its obligations first when selecting an audit.  

Read More