Updates to the AICPA’s SOC 2 Framework

The American Institute of Certified Public Accountants (AICPA) recognizes the growing demand for transparency and strengthened controls within multifaceted risk environments. The SOC 2 framework continues to improve the security measures that should be implemented to protect organizations against emerging threats. Following the Trust Services Criteria (TSC) section 100 publication…


Board Members and C-Levels: Are You Ready for 2018 Cybersecurity Risks?

Within the last year, multiple laws and regulations have significantly increased cybersecurity risk management responsibility for board of director members and C-level executives. Let’s review four of these developments to ensure you have a plan in place to meet the requirements. CPU Vulnerabilities Change the Economics and Security of Cloud…


SECURETexas Certification – Is It Right for Your Organization?

SECURETexas was created per Texas House Bill 300 in 2011 to help covered entities in Texas demonstrate that they have met privacy and security standards to reduce regulatory penalties, mitigate risk, and increase business partner and consumer confidence in the protection of protected health information (PHI). About SECURETexas The SECURETexas…


A-LIGN Completes SOC 2 Type 2 Audit for A-SCEND

A-LIGN, a global cybersecurity, cyber risk and privacy, and compliance firm, has announced the successful completion of the Service Organization Control (SOC) 2 Type 2 audit for its GRC software, A-SCEND. Conducted by Exum & Exum, an independent certified public accounting firm, the SOC 2 Type 2 attestation engagement…


HITRUST CSFBASICs: A New Framework Designed for Smaller Healthcare Organizations

As the data breach landscape in the healthcare industry evolves, so do organizations and their compliance with regulatory requirements. Doing ‘nothing’ to protect healthcare data is no longer an acceptable approach for small healthcare entities. Recognizing that one assessment size does not fit all, the HITRUST Alliance (HITRUST) has…


PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers

In April 2016, the Payment Card Industry Security Standards Council (PCI SSC) released PCI Data Security Standard (PCI DSS) version 3.2. With the updates came clarification to requirements, additional guidance, and the addition of seven new requirements. Each of the new requirements were initially treated as a best practice but have…


The Gift of Giving: A-LIGN’s Annual Holiday Charity Donation Program

As we kick off 2018 strong, we reflect on the incredible year and the milestones within. With a 210% three-year growth, we have expanded our assessment, advisory and technical testing service offerings to meet the growing needs of our client base, enhanced our GRC application, A-SCEND, and have implemented an arsenal…


What to Expect in the HITRUST CSF v9.1 Release

HITRUST confirmed the HITRUST CSF Version 9.1 would be scheduled to release to the assessor community this month, January 2018, for review and to provide feedback. The assessors will have 30 days to provide feedback, after which the CSF v9.1 final version will be released to the public in…


DFARS NIST 800-171 Compliance Deadline Quickly Approaching

The deadline for nonfederal contractors and subcontractors to meet DFARS NIST-171 compliance to maintain government contracts is December 31, 2017. Starting January 1, 2018, organizations must demonstrate compliance to win new and/or uphold existing Department of Defense (DoD) contracts. Organizations with existing contracts who fail to be compliant by 2018…
