A-LIGN Blog

New HIPAA Rules: Impact on Business Associates

As I read the “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules” recently released by the Department of Health and Human Services, I struggled to think how to summarize […]

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service Providers (“CSP”) in maintaining PCI DSS compliant environments and also to […]

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

By: Gene Geiger, Partner of A-lign Security and Compliance Services

In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service […]

Preparing your Collection Agency for the CFPB Examination

By: Neil Gonsalves, Director at A-LIGN

OVERVIEW

On October 24, 2012 the Consumer Financial Protection Bureau (CFPB) published a rule that would allow the CFPB to federally supervise the larger consumer debt collectors/collection agencies. One of the main objectives of the CFPB Examination is to ultimately help ensure that consumers that are affected by the […]

Ask A-LIGN: What is the difference between a SOC logo and a SOC seal?

By: Scott Price, Managing Partner of A-LIGN

Answer: Misuse of Service Organization Control (SOC) terminology is a common mishap in the marketplace. When it comes to the use of the SOC logo or seal, many tend to assume the terms mean the same thing (six of one, half a dozen of the other), but in reality […]

Ask A-LIGN: What is the difference between a Penetration Test and a Vulnerability Assessment?

A square is a rectangle but a rectangle is not a square. That saying always confused me in school and reminds me of the confusion in the marketplace between vulnerability assessments and penetration tests. A penetration test is a vulnerability assessment but a vulnerability assessment is not a penetration test. As I speak to […]

Ask A-LIGN: Is SSAE 16 a Certification?

Answer: No, SSAE 16 is not a certification. Here’s why: It is incorrect to say that you are SSAE 16 certified, because there is not a certification awarded to you after the engagement. The appropriate wording would be to state, “we have received an unqualified (Type 1 or Type 2) SSAE 16 report as a […]

Happy New Year from A-LIGN

A-LIGN 2013 Community Commitment

A-LIGN is proud to employ some of the most talented professionals in the industry who also dedicate their skills and talents to our community. Giving back to the community is a quality we value highly for all employees and in an effort to make volunteering more accessible, A-LIGN will now offer ‘community service days’ for […]

Ask A-LIGN: Why is the SAS 70 audit still asked for? I thought it no longer existed?

Answer: Correct. The SAS 70 audit has been out of existence since June 15, 2011. Many organizations are still being asked for SAS 70, frankly, due to the fact of its nearly 20-year existence and lack of education surrounding the change of the standard. Here’s Why: Since SAS 70 has been around nearly 20 years, […]