Compliance

7 HITRUST Factors to Consider for Federal Compliance

Our discussion of HITRUST regulatory factors continues with a focus on federal compliance and their influence on HITRUST. Here are 7 HITRUST regulatory factors to consider for federal compliance, and our recommendations on how to address them. 

Read More

NIST 800-53 Rev. 5 Adopts a Strategic Compliance Approach, Puts Privacy at a Premium

The National Institute of Standards and Technology’s (NIST) latest version of Special Publication 800-53 places an enhanced focus on privacy controls and supply chain risk management.

Read More

Ace Your SOC Report with a SOC Audit Checklist

For many organizations, obtaining a System and Organization Controls (SOC) attestation report is table stakes for doing business.

Read More

7 HITRUST Regulatory Factors to Consider for Healthcare

7 HITRUST Regulatory Factors to Consider for Healthcare

This article is Part One of a Four-part Series on the HITRUST Framework When you think of HITRUST, you probably think of healthcare. After all, HITRUST was originally created as the “Health Information Trust Alliance.”

Read More

The A-LIGN Advantage: Unify Your Audit Experience across Multiple Standards with a Single-Provider Approach

The A-LIGN Advantage: Unify Your Audit Experience with a Single-Provider Approach

“Don’t swap horses in the middle of the stream.” – Abraham Lincoln The emergence of automated security and compliance solutions still leaves organizations with a problem: these point solutions are unable to provide independent third-party certification.

Read More

Mind the Gap: How to Change Auditors without Impacting Compliance

Mind the Gap: How to Change Auditors without Impacting Compliance

Increasingly, organizations are realizing that a strategic compliance program increases operational efficiencies by replacing ad hoc and transactional audits with a more thoughtful approach. And as organizations get more serious about strategic compliance, they realize consolidation is a key component.

Read More

SOC Report Types: What You Need to Know

SOC Report Types: What You Need to Know

Organizations cannot afford to leave their clients’ trust to chance. They face complex pressures from customers, regulators and cyberattacks to implement appropriate controls within their environments to protect customer and proprietary data.

Read More

FIPS 140-2 and FedRAMP: A 3PAO Perspective

FIPS 140-2 and FedRAMP: A 3PAO Perspective

Many organizations understand encryption is the key to keeping sensitive information secure, but there are several options like modules and algorithms to choose from – many without an established standard.

Read More

Privacy Shield and the GDPR: Inadequate Protection for Cross-border Data Transfers

Privacy Shield and the GDPR

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a landmark judgement that Privacy Shield is “invalid” because it does not provide “adequate protection” under Article 45 of the General Data Protection Regulation (GDPR) for transfers of personal data of individuals located in the European Union to the United States.

Read More

The New Normal:
Fully-Enabled Remote Audits

The New Normal: Fully-enabled Remote Audits

The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.

Read More