A-LIGN Insights: February 2021

In this issue we break down the future of audit automation and discuss what lies beyond the privacy policy. Plus news and information on CMMC prep, Pen Testing, Microsoft SSPA, HITRUST enhancements, and much more.

AWS and the Future of Audit Automation

As technology plays a larger role in compliance across all security frameworks and standards, it’s important to understand what technologies like AWS Audit Manager can and can’t do as part of the audit process.

Data Privacy Day: Go Beyond the Privacy Policy

Privacy regulations are increasing in number and scope. Organizations should be making proactive plans to better protect data and meet stringent privacy regulations. Here are 4 strategies to help you get ahead, before you fall behind.

What To Do With Your Pen Test Results

You’ve just completed a Pen Test. Now what? Pen Testing is more than just a check-the-box exercise. A well-executed Pen Test yields priceless insight into where your network is weak, and how to reinforce it for better protection of your data and systems.

A-SCEND Tip of the Month

When conducting an audit with A-LIGN, you can check out our crosswalk function in A-SCEND to see how close you are to meeting other security framework requirements. Save time and resources with the ability to use the same evidence across multiple frameworks.

Compliance News


Find out why resident ethical hacker Joe Cortese thinks you should add Pen Testing to your ​​​​SOC 2 plan.

Microsoft SSPA

As of December 31, 2021 SOC 2 will not be an approved framework to satisfy Microsoft SSPA requirements. Learn how Microsoft Suppliers can now use ISO 27001 + ISO 27701 instead.


HITRUST enhances MyCSF to streamline the capture and presentation of evidence intended to help collect information that is required to comply with HIPAA and regularly requested during audits.


Are you ready for CMMC? Start preparing for certification with this CMMC Survival Guide and learn how our recent C3PAO Authorization can help you.


Demonstrate your organization’s maturity of cloud security controls with a SOC 2 or ISO 27001 + CSA STAR.

Watch Now

Five Easy Steps to a Smoother Cybersecurity Audit ExperienceFive Easy Steps to a Smoother Cybersecurity Audit Experience
Presented by ISACA & A-LIGN

In this webinar we cover how to make audits much easier, including:
• Five steps you can start today to simplify the audit process
• Solutions to your security team’s most common pain points
• How technology is accelerating SOC 2, ISO 27001, HITRUST, and other common audits
• How to consolidate auditors to save time, money, and headaches

Register Now

A-LIGN Team Spotlight

Align_2017_SummerMeet Chad Gross
Associate Director of Services and International Operations

“I think data privacy and security are essential and are not mutually exclusive of each other. You can’t have privacy without inherent security. You’ve got to understand where your data is, who has access to it and what’s being done with it.”

​​​​​​Learn More