Compliance

Set Reminders and Stay On Track with this PCI DSS Timeline

Many organizations struggle to keep up with PCI compliance. We walk through three key areas and share a resource with over 57 requirements to check off, along with the related timeframes prescribed by the PCI DSS that you need to adhere to.

CMMC Expert Tony Bai on the DFARS Interim Rule, Rollout Timelines, Certification, and More

With questions surfacing around CMMC and the changing regulatory landscape, Tony Bai, Federal Practice Lead at A-LIGN, offers his expert advice on a variety of federal compliance topics to help you understand what frameworks your organization should care about, how you can prepare and what is on the horizon for federal compliance.

How SOC 2 Automation Will Streamline Your Audit

Automation is fundamentally changing the way cybersecurity audits operate. Whether you are conducting your first audit or have been running them for years, it’s important to know what automation can and can’t do, and how it will help you through the compliance process. 

Benchmark Your Compliance Program Against Your Peers – Survey Now Open

A-LIGN’s 2021 Compliance Benchmark Survey is now open! It’s designed for IT compliance and security professionals who want to compare their compliance programs against those of similar companies. We invite you to take the 10-minute survey today before it closes at the end of February.

What are the SOC 2 Trust Services Criteria?

The SOC 2 audit process includes 5 categories of Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity, and Privacy. These categories each cover a set of internal controls related to different aspects of your information security program. 

What’s The Difference Between SOC 2 Type I and Type II?

The difference between a SOC 2 Type I audit and a SOC 2 Type II audit is how the controls are evaluated – at a single point in time, or over a period of time. This decision can be driven by budget, timing, resources available, and what customers are asking for. 

What is a SOC 2 Report?

In a world filled with data breaches and information leaks, establishing trust is not only critical to driving revenue, it can also be a competitive differentiator for new business. A SOC 2 report helps demonstrate to customers and business partners that you take information security seriously. 

4 Miscellaneous HITRUST Regulatory Factors to Consider

Over the last few blogs, we have provided a comprehensive overview of the HITRUST landscape, from the authoritative sources at its core, to the optional regulations, or regulatory factors, that are commonly added on to a HITRUST assessment for industry-specific purposes.  

5 HITRUST Regulatory Factors to Consider for International and State-level Privacy Compliance

There are more than 20 optional regulatory factors that an organization can consider as part of a HITRUST assessment. These are individual options, based on specific industry requirements, and can be quite tricky to parse.  

How European Companies Can Accelerate International Expansion with SOC 2 Compliance

The United States represents an attractive market for many European companies, but international expansion can be fraught with risk because of a completely different regulatory landscape. 