A-LIGN Blog

PCI DSS Requirement 6.2 Risk Ranking Vulnerabilities – Is your organization ready?

The Payment Card Industry Data Security Standard (“PCI DSS”) version 2.0, dated October 2010, became effective on January 1, 2011. There were many subtle and not-so-subtle changes from the previous version of the standard. The majority of the changes became effective January 1, 2011, while at that time requirement 6.2 was considered only a “best practice” […]

Integrated Audit of Financial Statements – Relevance of an SSAE 16 Report

Over many years, while working with companies as their Independent Service Auditor to help issue their SAS 70 / SSAE 16 reports, I have also been on the other side of the fence, as part of the team responsible for the audit of the financial statements of a […]

Common Database Vulnerabilities and Misconfigurations

I recently attended the MIS Training Institute’s Infosec Conference held in Orlando, Florida and sat in on a presentation by Josh Shaul, Chief Technology Officer with Application Security Inc.  The topic of the presentation was the top 10 most common database vulnerabilities and misconfigurations. I felt that the information was not only relevant to providing […]

Too many SSAE 16 audit detours?

Does your auditor offer fixed fees? NO out-of-pocket expenses? A declining fee structure? Over 250 SOC audits of experience? The draft report within 10 days of completion? Responses to your calls and emails on the same day? If your current CPA firm is not meeting these standards, then you might want to give us […]

Why do my clients ask me for a SOC 1/SSAE 16 Report?

Let’s spend a few minutes getting back to basics. Why do your clients ask for a SOC 1/SSAE 16 report to be provided?  Your clients ask because their auditors probably asked for it.  So why do your auditors ask for this report?  The roots for SSAE 16 can be traced back to SAS 70 and […]

A-LIGN Security and Compliance Services To Present Webinar, “Reducing Audit Impact by A-LIGNing PCI DSS, SOC 1 & 2 Requirements”

Gene Geiger, Director at A-LIGN Security and Compliance Services will present a webinar to share practical recommendations for improving overall audit efficiency which will lead to reduced audit impact, audit costs and audit fatigue. The presentation will take place on April 18, 2012 from 1-2 pm EST. All individuals/organizations are invited to attend the webinar. […]

The Applicability and Benefits of a SOC 3 Report

Several of our clients, current as well as prospective, have asked us about the applicability of a SOC 3 report and its benefits. I thought some additional information clarifying the question would be beneficial to others who read this blog, especially those who have the same question. So what […]

Evaluating Managed Service Providers’ PCI DSS Compliance

You need a managed service provider to outsource information technology services for your organization, but since you are in the payment card industry, they will need to be PCI DSS compliant. So you Google the service you need, compile a list of possible vendors, review their websites and see that critical PCI DSS logo, so […]

Impact of the HITECH Act on HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) introduced Privacy and Security regulations to safeguard protected health information (“PHI”). HIPAA was primarily directed at healthcare providers, health care clearinghouses and health plans (such as an insurance company), which are referred to as covered entities (“CE”). As part of the American Recovery and Reinvestment Act of […]
