Compliance

FedRAMP vs. FISMA: Choosing the Right Standard for Your Federal Clients

When pursuing federal clients or servicing existing federal clients, there are a number of unique compliance needs due to the sensitivity of the federal information. Standards such as FedRAMP and FISMA exist to create consistent security standards for organizations seeking federal agency clientele. FISMA, or the Federal Information Security Management Act of 2002 is the […]

Read More

What are the differences between ISAE 3402 and SSAE 16?

The preferred reports for service organizations with direct impact on internal controls over financial reporting of their clients are the SSAE 16 (Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was issued by the Auditing Standards Board of the American Institute of Certified Public Accountants) and ISAE 3402 […]

Read More

FISMA Certification: Understanding Low, Moderate and High-Impact Systems

FISMA, or the Federal Information Security Management Act of 2002, assesses the controls outlined in NIST 800-53. You can review those requirements in Figure 1, below. One of the benefits of FISMA is that it provides different implementation options depending on the levels of potential impact for an organization or individual if there were a […]

Read More

10 Ways to Protect Your Information When Shopping Online

When the holiday season comes around, everyone is in the spirit of giving back and joining in on the festivities. This usually spurs an increase in spending and holiday shopping, most of which happens online. According to comScore and UPS’ online shopping survey, shoppers are now making 51% of their purchases online with 44% of […]

Read More

Visa Global Registry of Service Providers: Are you on the list?

compliance-trek

Visa has released new tools and changes, which add value to service providers who store, process, or transmit cardholder data on behalf of merchants or other entities. For years, Visa has offered service providers the Visa Global Registry of Service Providers, a prestigious list of entities which meet certain criteria and have completed a PCI […]

Read More

FedRAMP: Outline of Timeliness and Accuracy of Testing

As FedRAMP continues to emphasize the FedRAMP Accelerated program, which is meant to reduce approval time for the Joint Authorization Board (JAB), they have released additional guidance on the Timeliness and Accuracy of Testing Requirements. FedRAMP Timeliness and Accuracy of Testing There are three categories associated with testing in the authorization package: Penetration Testing Vulnerability […]

Read More

Preparing for HITRUST CSF v8

HITRUST CSF v8 To ensure the HITRUST CSF stays relevant and current with the needs of today’s healthcare organizations, the HITRUST Alliance continually updates the CSF to incorporate the changing standards and regulations associated with its authoritative sources. The updates within v8, which was release on July 1, 2016, incorporate feedback within the HITRUST community, […]

Read More

Back to Basics: What is HITRUST?

A-LIGN’s HITRUST Assessors are often asked: What is HITRUST and why do I need it? As healthcare organizations face stricter regulatory needs in light of an increase in healthcare-related breaches, many organizations are considering HITRUST as an option for risk management and mitigation. What is HITRUST? HITRUST, or the Health Information Trust Alliance, was created […]

Read More

Which HITRUST Assessment Scope Is Right for My Organization?

Which HITRUST Assesment Scope is Right for My Organization? There are 14 different control categories, each with their own number of objectives and requirements. These include the following: Information Security Management Program Access Control Human Resources Security Risk Management Security Policy Organization of Information Security Compliance Asset Management Physical and Environmental Security Communications and Operations […]

Read More

SOC 2: 2016 Updates and the Privacy Principle Integration

Overview of Privacy Principle and SOC 2 Updates In order to clarify and eliminate redundancy within the requirements of the trust services criteria for privacy, changes have been made to the SOC 2 privacy principle guidelines. While most of these changes are clarification-based, the addition of privacy to the common criteria and the addition of […]

Read More