Posts by Andrew Houshian
Andrew Houshian is an Associate Director of SOC and Attestation Services at A-LIGN. Andrew’s responsibilities include supporting and managing the completion of SOC and attestation reports, supervising teams in the field, and maintaining key client relationships. Andrew has over 9 years of experience performing SOC and attestation engagements.
10.22.2019
SOC 1 or SOC 2: Which Is Right for My MSP?
Managed service providers (MSPs) provide a valuable service by enabling companies of all sizes to outsource their key information technology processes. Many of those companies who look to engage an MSP ask whether a SOC 1 or SOC 2 Examination has been completed to assess the MSP’s security posture.
Read More09.24.2019
SOC 2 for Startups: Boosting Your Startup with SOC 2
SOC 2 for startups may seem like a difficult endeavor given the moving parts involved in launching and maintaining a successful startup. From funding to revenue, it can be easy to neglect compliance examinations like a SOC 2 Examination – or delay completing one until a future date.
Read More04.25.2019
The SOC 1 Examination Process
Do you understand the SOC 1 examination process? Our assessors take you from scoping through report delivery to understand all of the steps needed to complete an examination.
Read More03.18.2019
Everything You Need to Know About Bridge Letters
Bridge letters are an important element of SOC 1 and SOC 2 examinations that you may not be aware of and can help provide your clients with additional confidence regarding the effectiveness of your organization’s controls environment at no additional cost or time.
Read More07.10.2018
Why You Should Conduct a SOC for Cybersecurity Examination to Manage Your Organization’s Cyber Risk
In response to the increase in cyber threats, the American Institute of CPAs (AICPA) issued the Cybersecurity Risk Management Reporting Framework, also known as System and Organization Controls (SOC) for Cybersecurity, a flexible and voluntary framework for organizations in any industry to take a proactive approach to cybersecurity risk management.
Read More06.06.2018
Cloud Security for CSPs: It’s Up to You AND Your Clients
How can you as a Cloud Service Provider (CSP) improve the security your clients are demanding of you?
Read More03.15.2018
SOC Reports: Type 1 vs Type 2 vs Readiness Assessment
Your client requested a SOC report, but what’s next? For organizations seeking a SOC 1, SOC 2, or ISAE 3402, there are two attestation options available: Type 1 and Type 2. Additionally, a readiness assessment can be performed to prepare your organization for the attestation.
Read More03.05.2018
Understanding Microsoft SSPA Attestation
About Microsoft SSPA Attestation The Microsoft Supplier Security and Privacy Assurance Program (SSPA), formerly known as the Vendor Privacy Assurance Program, is an initiative designed to standardize and strengthen how Microsoft’s customer, partner, and employee information is handled by Microsoft vendors worldwide.
Read More02.20.2018
Updates to the AICPA’s SOC 2 Framework
The American Institute of Certified Public Accountants (AICPA) recognizes the growing demand for transparency and strengthened controls within multifaceted risk environments. The SOC 2 framework continues to improve the security measures that should be implemented to protect organizations against emerging threats.
Read More10.19.2017
Ask an Assessor: Death Master File
The Death Master File (DMF) is a protected file that includes information regarding the deceased such as: Name Date of Birth Date of Death Social Security Number Since November 28, 2016, organizations have faced a stricter certification process to be granted access to the DMF. In that time, A-LIGN has served as an Accredited Conformity […]
Read More
