ISO 27001

Mind the Gap: How to Change Auditors without Impacting Compliance

Increasingly, organizations are realizing that a strategic compliance program increases operational efficiencies by replacing ad hoc and transactional audits with a more thoughtful approach. And as organizations get more serious about strategic compliance, they realize consolidation is a key component.

The New Normal: Fully-Enabled Remote Audits

The new normal is anything but normal, but before we join in the chorus of “uncertain times” let’s take a moment to reflect on how standards organizations have responded to COVID-19 to enable remote audits so that organizations can continue to demonstrate trust.

ISO 27701: ISO Meets the GDPR

What is ISO 27701? The ISO/IEC 27701:2019 standard was published on August 6, 2019, and provides the requirements and guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) as an extension of ISO/IEC 27001:2013 and ISO/IEC 27002:2013. This extension replaces the development standard ISO 27552.

A-LIGN Becomes an ISO 22301 Accredited Certification Body

TAMPA, Fla. – July 23, 2019 – A-LIGN, a global cybersecurity and privacy solutions provider that specializes in providing high-quality and innovative cybersecurity solutions for organizations to demonstrate trust and respect to their stakeholders, received its ISO 22301 accreditation from the ANSI-ASQ National Accreditation Board (ANAB) on June 6, 2019.

5 Steps to ISO Certification

What are the steps to ISO certification? Our assessors have completed assessments against several International Organization for Standardization (ISO) standards and can provide your organization with insights into the process for achieving ISO certification.

The Advantages of Accredited ISO 27001 Certifications

To protect the sensitive data within an information security management system (ISMS), organizations should consider the comprehensive information security standard, published by the International Organization for Standardization, ISO 27001. This audit is a standardized-industry approach used to define and validate the processes and controls of an ISMS. Before conducting the ISO 27001 audit, an organization […]

SOC 2 vs. ISO 27001: Which is the Right Assessment for Your Organization?

Companies continue to struggle with the decision between selecting the SOC 2 examination or ISO 27001 certification. Often customer contracts require either audit or competitors have one or the other. Although these security standards serve a similar purpose, there are some key decision factors that may help your organization determine the appropriate assessment based on […]

Family Affair: Using ISO 27001 to conform to ISO 27017 and ISO 27018

ISO 27000 Family – Information Security Management Systems The ISO 27000 family of standards is related to an organization’s information security management systems, or ISMS. This international standard helps organizations by providing a clear set of requirements that can be used to manage the security of the business’ assets. An ISMS is a systematic approach […]

ISO 27001: The Four Most Common Post-Certification Pitfalls

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. Becoming ISO 27001 certified is a rigorous process for most organizations, but the work should not stop after receiving the sought-after certification. We want to ensure that your organization does not fall victim to these common pitfalls so that […]

Strengthening the Cloud: ISO 27017 and ISO 27018

As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore security options in order to protect their information systems. There are multiple security standards for cloud services providers and users to utilize in order to secure the cloud-based environment and minimize potential risk […]
