Compliance

A-LIGN Completes SOC 2 Type 2 Audit for A-SCEND

A-LIGN, a global cybersecurity, cyber risk and privacy, and compliance firm, has announced the successful completion of the Service Organization Control (SOC) 2 Type 2 audit for its GRC software, A-SCEND.

HITRUST CSFBASICs: A New Framework Designed for Smaller Healthcare Organizations

As the data breach landscape in the healthcare industry evolves, so do organizations and their compliance with regulatory requirements. Doing ‘nothing’ to protect healthcare data is no longer an acceptable approach for small healthcare entities.

PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers

In April 2016, the Payment Card Industry Security Standards Council (PCI SSC) released PCI Data Security Standard (PCI DSS) version 3.2. The update brought clarifications to requirements, additional guidance, and seven new requirements.

HITRUST Appoints Steve Simmons and Blaise Wabo to the HITRUST CSF Assessor Council

The HITRUST Alliance has appointed Steve Simmons, Director of Compliance at A-LIGN, and Blaise Wabo, Senior Manager at A-LIGN, to the HITRUST CSF Assessor Council.

What to Expect in the HITRUST CSF v9.1 Release

HITRUST confirmed that HITRUST CSF Version 9.1 is scheduled for release to the assessor community this month, January 2018, for review and feedback.

DFARS NIST 800-171 Compliance Deadline Quickly Approaching

The deadline for nonfederal contractors and subcontractors to meet DFARS NIST-171 compliance to maintain government contracts is December 31, 2017. Starting January 1, 2018, organizations must demonstrate compliance to win new and/or uphold existing Department of Defense (DoD) contracts. Organizations with existing contracts who fail to be compliant by 2018 may face breach of contract […]

FedRAMP Tailored: New Program for Cloud Service Providers (CSPs)

The Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, released FedRAMP Tailored on September 28, 2017. This new Baseline was designed and developed for Cloud Service Providers (CSPs) with Low-Impact Software-as-a-Service (LI-SaaS) Systems, supporting emerging technology […]

How Audits Enhance Your Business and Drive Revenue

Today, many businesses are presented with the opportunity for growth and development. With these new opportunities come risks and challenges, many of which they have never seen before. The digital landscape is as vast as it is complex, and businesses are seeking proactive guidance to address their information security risks, as well as meet their […]

Future of Healthcare: The Transforming Healthcare Industry [Free Download]

The healthcare environment is extremely dynamic, forcing organizations to find the right solution to match the rising challenges. Many of these solutions introduce new and emerging technologies, leaving healthcare organizations with increased vulnerabilities. Healthcare organizations of every size and type can be breached, so exploring every security solution is critical. In 2016, major cyber-attacks on […]

Ask an Assessor: Death Master File

The Death Master File (DMF) is a protected file that includes information regarding the deceased, such as name, date of birth, date of death, and Social Security number. Since November 28, 2016, organizations have faced a stricter certification process to be granted access to the DMF. In that time, A-LIGN has served as an Accredited Conformity […]
