Compliance

The A-LIGN Advantage: Unify Your Audit Experience across Multiple Standards with a Single-Provider Approach


“Don’t swap horses in the middle of the stream.” – Abraham Lincoln

The emergence of automated security and compliance solutions still leaves organizations with a problem: these point solutions are unable to provide independent third-party certification.


Mind the Gap: How to Change Auditors without Impacting Compliance


Increasingly, organizations are realizing that a strategic compliance program increases operational efficiencies by replacing ad hoc and transactional audits with a more thoughtful approach. And as organizations get more serious about strategic compliance, they realize consolidation is a key component.


SOC Report Types: What You Need to Know


Organizations cannot afford to leave their clients’ trust to chance. They face complex pressures from customers, regulators and cyberattacks to implement appropriate controls within their environments to protect customer and proprietary data.


FIPS 140-2 and FedRAMP: A 3PAO Perspective


Many organizations understand encryption is the key to keeping sensitive information secure, but there are several options like modules and algorithms to choose from – many without an established standard.


Privacy Shield and the GDPR: Inadequate Protection for Cross-border Data Transfers


On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a landmark judgement that Privacy Shield is “invalid” because it does not provide “adequate protection” under Article 45 of the General Data Protection Regulation (GDPR) for transfers of personal data of individuals located in the European Union to the United States.


The New Normal: Fully-Enabled Remote Audits


The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.


Understanding Microsoft SSPA Attestation


Microsoft’s Supplier Security and Privacy Assurance Program (SSPA), formerly known as the Vendor Privacy Assurance Program, is an initiative designed to standardize and strengthen how Microsoft’s customer, partner, and employee information is handled by Microsoft vendors worldwide.


ISO 27701 Streamlines Data Privacy, Incorporates GDPR and CCPA concepts into Certifiable Standard


Let A-LIGN guide your journey from Information Security Management System (ISMS) to Privacy Information Management System (PIMS)


HITRUST Assurance Advisory Adds Strategic Scoping Factors


Even though compliance is an ongoing process, each individual assessment has its own lifecycle, which begins with a self-assessment of scoping factors. This can be a tedious process to complete for every audit, especially if the same questions get asked more than once, or continue to show up in assessment requirements.


HITRUST Bridge Assessment Offers Relief From Pandemic Pressures


HITRUST is granting organizations the ability to gain a 90-day grace period to demonstrate continuous compliance with its new Bridge Assessment.
